What items are flagged as 'Top Priority'?

The skill highlights unmitigated threats categorized as Critical or High, as well as critical security gaps that lack active controls.

What compliance frameworks are supported?

By default, the skill calculates coverage for OWASP and SOC2, provided the corresponding data exists in your compliance.json file.

Can I export the status report in different formats?

Yes, the status command supports a --format flag allowing you to output the data in either user-friendly text or machine-readable JSON.

How do I initialize the threat model data for this skill?

The skill automatically checks for a .threatmodel/ directory in your project. If it is missing, the skill provides a getting started guide to help you set up your asset and threat definitions.

Threat Model Status Report

Name: Threat Model Status Report
Author: josemlopez

byjosemlopez

•

Security & Testing

Provides a real-time overview of your application's security posture, tracking threats, controls, and compliance coverage directly within Claude Code.

The Threat Model Status skill enables developers to monitor their project's security health instantly by aggregating data from the .threatmodel directory. It calculates critical metrics such as threat distribution, control implementation percentages, and compliance alignment with standards like OWASP and SOC2. By highlighting top-priority gaps and missing mitigations, it ensures that security remains a continuous part of the development lifecycle, allowing teams to address vulnerabilities as they code rather than waiting for periodic audits.

Key Features

01Compliance coverage reporting for industry standards like OWASP and SOC2

02Risk-based threat distribution categorized by severity levels

03Comprehensive security dashboard displaying asset counts and trust boundaries

04Automated priority identification for unmitigated critical threats and security gaps

05Control verification tracking to monitor implementation and mitigation progress

061 GitHub stars

Use Cases

01Tracking the implementation of security controls during active development sprints

02Assessing security debt and risk levels before a major production release

03Generating high-level security health reports for stakeholder updates or audits

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add josemlopez/claude-threatmodel status

For use in Claude.ai and ChatGPT

Key Features

01Compliance coverage reporting for industry standards like OWASP and SOC2

02Risk-based threat distribution categorized by severity levels

03Comprehensive security dashboard displaying asset counts and trust boundaries

04Automated priority identification for unmitigated critical threats and security gaps

05Control verification tracking to monitor implementation and mitigation progress

061 GitHub stars

Use Cases

01Tracking the implementation of security controls during active development sprints

02Assessing security debt and risk levels before a major production release

03Generating high-level security health reports for stakeholder updates or audits

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add josemlopez/claude-threatmodel status

For use in Claude.ai and ChatGPT