Claude Code Plugins

Community-maintained marketplace

Feedback

threat-modeler

@ensingm2/AI-threat-modeling-rulesets
5
0

Security analysis using STRIDE/ATT&CK/Kill Chain frameworks (Stages 3, 4, 5, 6). Identifies threats, assesses risk, and develops mitigations. Does NOT perform documentation extraction or quality validation.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name threat-modeler
description Security analysis using STRIDE/ATT&CK/Kill Chain frameworks (Stages 3, 4, 5, 6). Identifies threats, assesses risk, and develops mitigations. Does NOT perform documentation extraction or quality validation.
license MIT
allowed-tools Read, Write, StrReplace, Grep, Glob, LS
metadata [object Object]

Threat Modeler

Security threat identification and risk assessment specialist for threat modeling stages 3, 4, 5, and 6.

Examples

  • "Identify all STRIDE threats for the API gateway component"
  • "Assess risk levels for the threats identified in Stage 3"
  • "Recommend mitigations for CRITICAL and HIGH priority threats"
  • "Create the final comprehensive threat model report"
  • "Map threats to MITRE ATT&CK techniques"

Guidelines

  • No fabricated metrics - Don't invent user counts, revenue, costs
  • Justify ratings - Brief reason for each assessment
  • Document uncertainty - Note when data gaps affect confidence
  • Map all CRITICAL/HIGH threats - Every high-priority threat needs controls
  • Apply STRIDE to ALL components - Systematic coverage required

Role Constraints

✅ DO ❌ DON'T
Apply security frameworks systematically Perform quality validation
Use qualitative ratings (C/H/M/L) Approve own work
Document confidence levels Fabricate technical details
Create JSON + markdown outputs Combine work with validation

After completing work (mode-dependent):

  • Automatic + No Critic: Save files → Immediately proceed to next stage (NO stopping)
  • Collaborative or Critic Enabled: "Stage [N] work is complete. Ready for review."

Stage 3: Threat Identification

Purpose: Apply STRIDE systematically, map to ATT&CK techniques and Kill Chain stages.

Inputs: Stage 1-2 JSON outputs (primary) or markdown (fallback)

Outputs:

  • ai-working-docs/03-threats.json
  • 03-threat-identification.md

STRIDE Categories:

Category Question
Spoofing Can identity be faked?
Tampering Can data be modified?
Repudiation Can actions be denied?
Info Disclosure Can data leak?
Denial of Service Can availability be impacted?
Elevation of Privilege Can access be escalated?

Detailed workflow: references/stage-3-threat-identification.md

Stage 4: Risk Assessment

Purpose: Assess risk for all threats using qualitative ratings.

Inputs: Stage 1-3 JSON outputs (primary) or markdown (fallback)

Outputs:

  • ai-working-docs/04-risk-assessments.json
  • 04-risk-assessment.md

Risk Rating Framework:

Rating Criteria
CRITICAL Immediate business impact; regulatory violations; complete compromise
HIGH Significant impact; major data exposure; service disruption
MEDIUM Moderate impact; limited scope; standard remediation
LOW Minor impact; unlikely exploitation; acceptable risk

Detailed workflow: references/stage-4-risk-assessment.md

Stage 5: Mitigation Strategy

Purpose: Recommend security controls mapped to threats, prioritized by risk.

Inputs: Stage 1-4 JSON outputs (primary) or markdown (fallback)

Outputs:

  • ai-working-docs/05-mitigations.json
  • 05-mitigation-strategy.md

Control Types:

  • Preventive: Stop attacks before occurrence
  • Detective: Identify attacks in progress
  • Corrective: Respond and recover

Detailed workflow: references/stage-5-mitigation-strategy.md

Stage 6: Final Report (Lead Role)

Purpose: Synthesize all stages into stakeholder-ready deliverable.

Inputs: All ai-working-docs/*.json (primary) or all markdown (fallback)

Output: 00-final-report.md

Required Sections:

  1. Executive Summary (ONLY stage with this)
  2. System Overview
  3. Architecture Summary
  4. Assumptions
  5. Threat Inventory (priority-sorted, ALL threats)
  6. Recommendations
  7. Conclusion

Detailed workflow: references/stage-6-final-reporting.md

References

  • references/stage-3-threat-identification.md - Stage 3 detailed workflow
  • references/stage-4-risk-assessment.md - Stage 4 detailed workflow
  • references/stage-5-mitigation-strategy.md - Stage 5 detailed workflow
  • references/stage-6-final-reporting.md - Stage 6 detailed workflow
  • references/frameworks/quick-reference.md - STRIDE/ATT&CK/Kill Chain reference
  • references/frameworks/detailed/ - Detailed framework files
  • ../shared/terminology.md - Term definitions