Can I use CTM if I don't have an existing threat model?

Yes. If no model is found, the skill will offer to help you create one using pytm or proceed with a general analysis, though a baseline model provides much higher quality results.

What happens when a security-notable event is found?

The skill will identify the match, suggest specific mitigations, and recommend creating a ticket so the team knows the threat model needs to be updated.

Does this skill require external dependencies?

Yes, it relies on pytm to help identify or generate baseline threat models for the most accurate security analysis.

How does it suggest specific security mitigations?

It uses a project's local 'Secure_Developer_Checklist.md' to match proposed development actions with established security best practices and required 'Do and Don't' patterns.

What is the CTM skill for Claude Code?

The CTM skill is a specialized capability that analyzes development requests to see if they have security value that requires an update to the project's threat model.

Continuous Threat Modeling (CTM)

Name: Continuous Threat Modeling (CTM)
Author: izar

byizar

•

Seguridad y Pruebas

Analyzes development stories to identify security-notable events and recommend mitigations based on baseline threat models.

The Continuous Threat Modeling (CTM) skill empowers Claude to evaluate user stories, business cases, and development requests for their security impact. By identifying 'security notable events,' the skill helps teams determine when a change warrants inclusion in a threat model. It integrates with pytm to find or establish baseline documentation and utilizes a project-specific Secure Developer Checklist to provide actionable mitigations. This ensures that security considerations are baked into the development lifecycle from the start, helping maintain an evergreen security posture without manual overhead.

Características Principales

01Mapping of developer actions to specific mitigations via Secure Developer Checklist

022 GitHub stars

03Contextual enrichment of requests through interactive AI questioning

04Workflow integration for creating security tickets and model updates

05Automated identification of security-significant changes in user stories

06Baseline threat model discovery and integration using pytm

Casos de Uso

01Vetting new feature requests for security risks during the sprint planning phase

02Providing developers with instant security guidance based on specific technical implementation details

03Maintaining an up-to-date threat model by identifying architectural shifts automatically

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add izar/tm_skills ctm

For use in Claude.ai and ChatGPT

Download Skill