How does this skill help with STRIDE threat modeling?

It provides a mapping engine that translates STRIDE categories (Spoofing, Tampering, etc.) into specific security domains and actionable technical requirements.

What format are the security user stories in?

The skill produces industry-standard user stories following the 'As a... I need to... So that...' format, complete with Markdown-ready checkboxes for acceptance criteria.

Can I use this for compliance documentation?

Yes, the skill includes attributes for mapping requirements to major frameworks like GDPR, HIPAA, PCI-DSS, and SOC2, making audit preparation much faster.

How does it handle traceability?

It generates a traceability matrix that links every technical requirement back to a specific threat ID, ensuring no identified risk is left unmitigated.

Does it generate testable criteria?

Absolutely. It generates both clear acceptance criteria and detailed test specifications to ensure that every security requirement is verifiable.

Security Requirement Extraction

Name: Security Requirement Extraction
Author: ccf

byccf

0•

セキュリティとテスト

Transforms threat models and business logic into actionable security requirements, user stories, and test cases.

This skill bridges the gap between high-level threat identification and technical implementation by deriving structured security requirements from business context and threat models. By utilizing frameworks like STRIDE, it maps potential risks to specific security domains—such as authentication, data protection, and audit logging—to generate developer-ready artifacts. It is an essential tool for teams adopting a 'secure-by-design' approach, providing automated generation of security user stories, acceptance criteria, and traceability matrices to ensure compliance with standards like OWASP, GDPR, and HIPAA.

主な機能

010 GitHub stars

02Builds threat-to-requirement traceability matrices

03Generates security-focused user stories with acceptance criteria

04Automated STRIDE-to-requirement mapping logic

05Creates detailed security test specifications and verification steps

06Supports compliance mapping for PCI-DSS, HIPAA, and SOC2

ユースケース

01Generating security test cases for automated QA and penetration testing

02Converting a STRIDE threat analysis into actionable developer backlog tickets

03Documenting security architecture requirements for compliance audits

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ccf/claude-code-ccf-marketplace security-requirement-extraction

For use in Claude.ai and ChatGPT

主な機能

010 GitHub stars

02Builds threat-to-requirement traceability matrices

03Generates security-focused user stories with acceptance criteria

04Automated STRIDE-to-requirement mapping logic

05Creates detailed security test specifications and verification steps

06Supports compliance mapping for PCI-DSS, HIPAA, and SOC2

ユースケース

01Generating security test cases for automated QA and penetration testing

02Converting a STRIDE threat analysis into actionable developer backlog tickets

03Documenting security architecture requirements for compliance audits

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ccf/claude-code-ccf-marketplace security-requirement-extraction

For use in Claude.ai and ChatGPT