Does it provide remediation advice?

Yes, the skill includes specific mitigation suggestions and mapped control families for every identified threat category to help you secure your application.

Can I use this for existing systems?

Yes, this skill is highly effective for both analyzing new architectures during the design phase and conducting security reviews of existing production environments.

Is there a template for documentation?

It provides a comprehensive Markdown template for professional Threat Model Documents, including Data Flow Diagrams, trust boundaries, and risk prioritization tables.

How does the Python helper functionality work?

It includes a programmable framework to automate the generation of security questionnaires and programmatically calculate risk scores for complex system components.

What is the STRIDE methodology?

STRIDE is a mnemonic for identifying security threats across six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

STRIDE Security Analysis Patterns

Name: STRIDE Security Analysis Patterns
Author: ccf

byccf

0•

安全与测试

Systematically identifies security threats and implements risk mitigation strategies using the industry-standard STRIDE methodology.

The STRIDE Analysis Patterns skill equips Claude with a robust framework for conducting professional threat modeling and security audits during the development process. It enables developers to categorize and address vulnerabilities across six critical domains: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. By providing standardized templates for documentation, risk assessment matrices, and Python-based automation helpers, this skill helps teams identify risks early in the architectural phase, prioritize mitigations based on data-driven scores, and maintain high-security compliance standards.

主要功能

01Comprehensive STRIDE methodology implementation for systematic threat identification

020 GitHub stars

03Risk assessment matrix for prioritizing vulnerabilities by impact and likelihood

04Mapped control families and mitigation suggestions for all threat categories

05Standardized Markdown templates for professional Threat Model Documents

06Python-based automation scripts for generating security questionnaires

使用场景

01Generating audit-ready security documentation and compliance reports

02Reviewing security design decisions for existing applications and legacy codebases

03Conducting threat modeling sessions for new system architectures and trust boundaries

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add ccf/claude-code-ccf-marketplace stride-analysis-patterns

For use in Claude.ai and ChatGPT

Download Skill