What outputs are generated by this skill?

It produces JSON files for threats, attack trees, and risk registers, along with a visual Markdown report summarizing the security posture.

How does the skill calculate security risk?

It uses a standard 1-5 scale for both Likelihood and Impact, multiplying them to generate a Risk Score ranging from 1 (Low) to 25 (Critical).

What frameworks does tm-threats support?

The skill primarily supports the STRIDE and PASTA frameworks for systematic threat identification and risk assessment.

Do I need to initialize a threat model first?

Yes, you must run the /tm-init command to create the necessary .threatmodel directory and state files before using the analysis skill.

Can it map threats to industry standards?

Yes, identified threats are automatically mapped to relevant MITRE ATT&CK techniques and CWE (Common Weakness Enumeration) entries where applicable.

Threat Modeling & Risk Analysis

Name: Threat Modeling & Risk Analysis
Author: josemlopez

byjosemlopez

0•

보안 및 테스팅

Analyzes system threats using STRIDE or PASTA frameworks to generate comprehensive threat catalogs, attack trees, and risk registers.

The tm-threats skill enables developers to perform systematic security analysis directly within Claude Code. By applying industry-standard frameworks like STRIDE and PASTA to discovered system assets and data flows, it automatically identifies vulnerabilities, calculates risk scores based on likelihood and impact, and generates visual reports. This tool is essential for teams looking to shift security left, providing actionable insights into potential attack vectors and prioritizing mitigation strategies with MITRE ATT&CK and CWE mapping before code deployment.

주요 기능

01Comprehensive risk scoring based on Likelihood and Impact metrics

02Generation of hierarchical attack trees for critical security threats

03Visual threat reports with severity breakdowns and abuse cases

040 GitHub stars

05Automated STRIDE and PASTA framework analysis for system assets

06Mapping of threats to MITRE ATT&CK techniques and CWE entries

사용 사례

01Conducting architectural security reviews during the system design phase

02Identifying and prioritizing vulnerabilities for remediation in existing codebases

03Generating documentation for security compliance and risk management audits

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add josemlopez/threat-modeling-toolkit tm-threats

For use in Claude.ai and ChatGPT

Download Skill