What is the difference between functional and non-functional security requirements here?

Functional requirements define what the system must do (e.g., authenticate users), while non-functional requirements define how it must perform (e.g., authentication latency limits).

How does this skill use the STRIDE framework?

It maps the six STRIDE categories (Spoofing, Tampering, etc.) to specific security domains and requirement patterns, ensuring all common attack vectors are addressed.

Does it support regulatory compliance?

The skill includes an enum for major frameworks like GDPR, HIPAA, and PCI DSS, allowing you to link requirements to specific compliance needs.

Can I export these requirements to my documentation?

Yes, the skill includes templates to export requirements as structured Markdown, including user stories, test specifications, and traceability matrices.

Security Requirement Extractor

Name: Security Requirement Extractor
Author: duanbiao2000

byduanbiao2000

0•

Security & Testing

Translates threat models and business context into actionable security requirements, user stories, and verifiable test cases.

The Security Requirement Extractor is a specialized tool designed to bridge the gap between high-level threat analysis and technical implementation. By utilizing structured frameworks like STRIDE, it helps developers and security engineers transform abstract threats into concrete security user stories, acceptance criteria, and architectural constraints. This skill ensures that security is integrated into the development lifecycle by providing automated traceability between identified risks, required technical controls, and the test specifications needed to verify them.

Key Features

01Traceability matrix creation to link threats directly to technical controls

02Support for major compliance frameworks including PCI DSS, HIPAA, and GDPR

030 GitHub stars

04Generation of security-focused user stories with detailed acceptance criteria

05Automated STRIDE-to-requirement mapping for comprehensive coverage

06Built-in templates for security test cases and verification specs

Use Cases

01Developing security acceptance criteria for feature 'Definition of Done'

02Mapping technical security implementations to regulatory compliance audits

03Converting architectural threat models into actionable development tickets

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add duanbiao2000/obsidiandoc26 security-requirement-extraction

For use in Claude.ai and ChatGPT

Download Skill