How does the skill help prioritize security fixes?

It uses a Likelihood x Impact matrix with a 1-9 scoring system, allowing teams to focus on the most critical risks and 'quick wins' first.

What is the STRIDE framework used by this skill?

STRIDE is a mnemonic for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege, used to categorize and identify security threats.

Can this skill identify trust boundaries?

Yes, it is specifically designed to map trust boundaries where data flow transitions between different levels of trust, which is critical for defining an attack surface.

Is documentation included in the threat modeling process?

Absolutely. The skill emphasizes documenting residual risk and creating structured security reviews to ensure no vulnerability is ignored or forgotten.

Threat Modeling Architect

Name: Threat Modeling Architect
Author: rnavarych

byrnavarych

•

安全与测试

Conducts comprehensive security reviews and risk assessments using the STRIDE framework to secure system architectures.

The Threat Modeling Architect skill empowers Claude to perform deep-dive security analysis of system designs, ensuring that security is a first-class citizen in the development lifecycle. By utilizing the STRIDE methodology, Claude can systematically identify vulnerabilities across trust boundaries, construct detailed attack trees, and provide quantitative risk assessments using a Likelihood x Impact matrix. This skill is essential for architects and developers who need to document sensitive data flows, prioritize security mitigations, and maintain a rigorous security posture from design to deployment.

主要功能

01STRIDE methodology implementation (Spoofing to Elevation of Privilege)

0211 GitHub stars

03Residual risk documentation and security architecture checklists

04Systematic attack tree construction for specific threat goals

05Risk scoring and prioritization using Likelihood x Impact matrices

06Trust boundary and attack surface identification

使用场景

01Prioritizing security technical debt based on quantifiable risk scores

02Mapping trust boundaries and data flows in complex microservices

03Conducting pre-launch security architecture reviews for new features

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rnavarych/alpha-engineer threat-modeling

For use in Claude.ai and ChatGPT

主要功能

01STRIDE methodology implementation (Spoofing to Elevation of Privilege)

0211 GitHub stars

03Residual risk documentation and security architecture checklists

04Systematic attack tree construction for specific threat goals

05Risk scoring and prioritization using Likelihood x Impact matrices

06Trust boundary and attack surface identification

使用场景

01Prioritizing security technical debt based on quantifiable risk scores

02Mapping trust boundaries and data flows in complex microservices

03Conducting pre-launch security architecture reviews for new features

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rnavarych/alpha-engineer threat-modeling

For use in Claude.ai and ChatGPT