Can I export these trees to other formats?

Yes, the skill includes Python templates to export attack tree models to JSON, making them compatible with other security reporting tools and documentation.

What are AND/OR nodes in this context?

OR nodes represent multiple alternative ways to achieve a goal (any child works), while AND nodes represent specific steps that must all be completed for an attack to succeed.

What is an attack tree?

An attack tree is a conceptual diagram that represents all possible ways a system can be attacked, organized hierarchically with a root goal and branching sub-goals.

How does this skill help with security audits?

It allows you to systematically map out attack surfaces and identify 'leaf nodes' that lack mitigation, highlighting exactly where your defenses are weakest.

Attack Tree Construction

Name: Attack Tree Construction
Author: Microck

byMicrock

•

Security & Testing

Builds comprehensive, hierarchical attack trees to visualize security threat paths and identify defensive gaps.

Attack Tree Construction is a specialized security modeling skill that enables developers and security engineers to systematically map out potential exploit scenarios using structured AND/OR logic. By providing a framework to quantify attack attributes such as cost, difficulty, and detection risk, this skill helps teams prioritize defensive investments and plan penetration tests. It transforms abstract security concerns into actionable, data-driven visualizations that facilitate clear communication of complex risks to stakeholders while identifying specific unmitigated vulnerabilities within a system architecture.

Key Features

01Automated path analysis to identify easiest or cheapest attack vectors

02Gap analysis tools to identify leaf-node attacks lacking mitigations

03Quantitative attribute tracking for cost, time, skill, and detection risk

04Python-based data models for programmatic tree construction and JSON export

052 GitHub stars

06Hierarchical AND/OR node modeling for complex attack scenarios

Use Cases

01Risk communication and defensive investment prioritization

02Security architecture reviews for new system designs

03Penetration testing planning and vulnerability scoping

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add microck/opendots-microck attack-tree-construction

For use in Claude.ai and ChatGPT

Key Features

01Automated path analysis to identify easiest or cheapest attack vectors

02Gap analysis tools to identify leaf-node attacks lacking mitigations

03Quantitative attribute tracking for cost, time, skill, and detection risk

04Python-based data models for programmatic tree construction and JSON export

052 GitHub stars

06Hierarchical AND/OR node modeling for complex attack scenarios

Use Cases

01Risk communication and defensive investment prioritization

02Security architecture reviews for new system designs

03Penetration testing planning and vulnerability scoping

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add microck/opendots-microck attack-tree-construction

For use in Claude.ai and ChatGPT