How does this skill differ from general code review?

While general code review looks at syntax and logic errors, this skill focuses on high-level architectural abuse paths, trust boundaries, and systemic security risks.

Does it provide actionable mitigation steps?

Yes, it recommends specific mitigations tied to concrete code locations, such as implementation hints for schema enforcement, rate limiting, or secrets isolation.

What format is the final report in?

The skill generates a comprehensive, actionable threat model in Markdown format, which can be saved directly to your repository for version-controlled security documentation.

Can I use this for specific directories?

Yes, the skill allows you to target the entire repository or a specific project sub-path for more granular and focused security analysis.

What is a Repository Threat Model?

It is a specialized security analysis that identifies potential threats and vulnerabilities specific to a codebase's architecture, data flows, and assets.

Repository Threat Modeler

Name: Repository Threat Modeler
Author: tech-leads-club

bytech-leads-club

•

1,856

•

安全与测试

Generates actionable, repository-grounded AppSec threat models to identify trust boundaries, abuse paths, and mitigations.

The Repository Threat Modeler skill provides professional-grade security analysis for software projects by grounding its findings directly in the codebase. It moves beyond generic checklists to identify specific trust boundaries, assets at risk, and realistic attacker capabilities based on the application's actual architecture and deployment model. By automating the extraction of system models and the enumeration of threats, it helps developers and security engineers proactively address vulnerabilities like privilege escalation, data exfiltration, and unauthorized access before they can be exploited. It produces a concise, reviewable Markdown report that bridges the gap between raw code and high-level security architecture.

主要功能

01Automated extraction of system architecture and data flows directly from source code.

02Identification of concrete trust boundaries, entry points, and high-risk assets.

03Location-specific mitigation recommendations for components and boundaries.

041,856 GitHub stars

05Customized threat enumeration based on realistic attacker goals and abuse paths.

06Risk prioritization using qualitative likelihood and impact reasoning.

使用场景

01Standardizing AppSec documentation with repository-specific threat models in Markdown.

02Threat modeling a specific project path or new feature before deployment.

03Performing a security audit on a new repository to identify architectural weaknesses.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add tech-leads-club/agent-skills (security)

For use in Claude.ai and ChatGPT

主要功能

01Automated extraction of system architecture and data flows directly from source code.

02Identification of concrete trust boundaries, entry points, and high-risk assets.

03Location-specific mitigation recommendations for components and boundaries.

041,856 GitHub stars

05Customized threat enumeration based on realistic attacker goals and abuse paths.

06Risk prioritization using qualitative likelihood and impact reasoning.

使用场景

01Standardizing AppSec documentation with repository-specific threat models in Markdown.

02Threat modeling a specific project path or new feature before deployment.

03Performing a security audit on a new repository to identify architectural weaknesses.