Does this skill modify my source code?

No, the skill primarily reads documentation and code to identify assets and verify controls. It only writes analysis data, reports, and diagrams to a dedicated .threatmodel directory.

Can I use this skill for compliance audits?

Yes, it maps identified threats and controls to frameworks like SOC2, PCI-DSS, and the OWASP Top 10, providing structured reports that can be used as audit evidence.

What is the STRIDE methodology used in this skill?

STRIDE is a threat classification model that stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

How is risk scoring calculated?

Risk is calculated using the formula: Likelihood (1-5) × Impact (1-5), categorizing findings into Low, Medium, High, or Critical severity levels.

Full Threat Modeling & Security Analysis

Name: Full Threat Modeling & Security Analysis
Author: josemlopez

byjosemlopez

•

Seguridad y Pruebas

Automates comprehensive security threat modeling by identifying vulnerabilities, verifying controls, and mapping compliance frameworks directly within your development workflow.

The Full Threat Model skill provides an end-to-end security analysis engine for Claude Code, enabling developers to perform professional-grade architectural reviews without manual overhead. It systematically scans your documentation and codebase to discover assets, maps data flows across trust boundaries, and applies the industry-standard STRIDE methodology to identify potential attack vectors. Beyond simple identification, the skill searches your code for existing security controls to document gaps and automatically maps findings to major compliance standards like OWASP Top 10, SOC2, and PCI-DSS, generating executive-ready reports and architectural diagrams.

Características Principales

01Generation of Mermaid-based architecture and data flow diagrams

02Automated STRIDE threat identification and risk scoring

03Compliance mapping for OWASP Top 10, SOC2, and PCI-DSS frameworks

041 GitHub stars

05Deep code analysis to verify existing security control implementations

06Automated baseline snapshots for continuous security drift detection

Casos de Uso

01Visualizing complex data flows and trust boundaries in microservices

02Generating evidence and documentation for SOC2 or PCI-DSS audits

03Conducting architectural security reviews before deploying new features

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add josemlopez/claude-threatmodel full

For use in Claude.ai and ChatGPT