How does this skill differ from a general security audit?

This skill focuses specifically on architectural threat modeling—identifying how an attacker might abuse the system's design and data flows—rather than just finding syntax-level bugs or code-style issues.

Does it require external security tools to run?

No, it uses the repository's own structure, configuration files, and source code as the primary source of truth for generating the model.

Can it handle different types of applications?

Yes, it differentiates between CLI tools, web servers, libraries, and background workers, tailoring the threat model to the specific runtime environment and exposure level.

What format is the final threat modeling report?

The skill generates a structured Markdown file (e.g., project-name-threat-model.md) containing the full analysis, identified threats, and recommended mitigations.

Security Threat Modeler

Name: Security Threat Modeler
Author: Moliboy5000

byMoliboy5000

0•

セキュリティとテスト

Generates actionable, repository-specific AppSec threat models by analyzing trust boundaries, assets, and potential abuse paths.

The Security Threat Modeler skill transforms Claude into an Application Security expert capable of performing deep-dive architectural analysis directly on your source code. Unlike generic security checklists, this skill anchors every finding to evidence within your repository, identifying realistic attacker goals and concrete impacts based on your specific deployment model. It guides you through a structured workflow—from mapping trust boundaries and data flows to prioritizing risks based on likelihood and impact—resulting in a professional-grade Markdown threat model that includes specific, implementable mitigation strategies.

主な機能

01Evidence-based architectural mapping and trust boundary identification

02Context-aware mitigation recommendations with specific implementation hints

03Abuse path analysis mapped to realistic attacker goals

04Risk prioritization using qualitative likelihood and impact reasoning

050 GitHub stars

06Detailed enumeration of assets, entry points, and attacker capabilities

ユースケース

01Generating professional AppSec documentation for compliance or stakeholder review

02Performing a pre-release security audit of a new feature or service

03Identifying architectural weaknesses in cloud-native or distributed systems

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add moliboy5000/.claude security-threat-model

For use in Claude.ai and ChatGPT

主な機能

01Evidence-based architectural mapping and trust boundary identification

02Context-aware mitigation recommendations with specific implementation hints

03Abuse path analysis mapped to realistic attacker goals

04Risk prioritization using qualitative likelihood and impact reasoning

050 GitHub stars

06Detailed enumeration of assets, entry points, and attacker capabilities

ユースケース

01Generating professional AppSec documentation for compliance or stakeholder review

02Performing a pre-release security audit of a new feature or service

03Identifying architectural weaknesses in cloud-native or distributed systems