Analyze threats against discovered assets using the STRIDE or PASTA framework. Generates a threat catalog, attack trees, abuse cases, and a risk register. Use when analyzing threats, identifying attack vectors, assessing security risks, or expanding the threat catalog.
View on GitHub: josemlopez/threat-modeling-toolkit
skills/tm-threats/SKILL.md
January 22, 2026
```
npx add-skill https://github.com/josemlopez/threat-modeling-toolkit/blob/main/skills/tm-threats/SKILL.md -a claude-code --skill tm-threats
```

Installation paths:
.claude/skills/tm-threats/

# Threat Analysis

## Purpose

Systematically identify and analyze threats against your system using established threat modeling frameworks.

This skill:
- Applies STRIDE methodology to each component
- Generates comprehensive threat catalog
- Builds attack trees for critical threats
- Identifies abuse cases from legitimate functionality
- Creates prioritized risk register

## Usage

```
/tm-threats [--framework stride|pasta] [--focus <asset-id>] [--depth quick|standard|deep] [--include-abuse]
```

**Arguments**:
- `--framework`: Threat framework (default: stride)
- `--focus`: Analyze specific asset only
- `--depth`: Analysis depth
- `--include-abuse`: Generate abuse cases from sequences

## Prerequisites

Requires initialized threat model. Run `/tm-init` first if `.threatmodel/` doesn't exist.

## STRIDE Analysis Process

### For Each Asset

Apply STRIDE categories based on asset type:

| Asset Type | S | T | R | I | D | E |
|------------|---|---|---|---|---|---|
| External Entity | ✓ | | ✓ | | | |
| Process/Service | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Data Store | | ✓ | ✓ | ✓ | ✓ | |
| Data Flow | | ✓ | | ✓ | ✓ | |

### For Each Trust Boundary Crossing

Analyze threats for data flows crossing trust boundaries:

1. **Spoofing**: Can the source be impersonated?
2. **Tampering**: Can the data be modified in transit?
3. **Repudiation**: Can the action be denied?
4. **Information Disclosure**: Can the data be intercepted?
5. **Denial of Service**: Can the flow be disrupted?
6. **Elevation of Privilege**: Can privileges be escalated?

### For Each Attack Surface Entry

Analyze exposed entry points:

1. What authentication is required?
2. What authorization is enforced?
3. What input validation exists?
4. What rate limiting is applied?
5. What data is exposed?
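
The asset-type matrix and the trust-boundary questions above can be applied in one enumeration pass over an asset inventory. The following Python is an added example, not code from the toolkit: the inventory record layout, zone names, asset ids and the `T-NNN` id scheme are constructed for illustration. Treating a flow whose endpoints sit in different zones as subject to all six questions is this example's reading of the trust-boundary list.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information Disclosure", "D": "Denial of Service",
          "E": "Elevation of Privilege"}

# Applicability per asset type, copied from the "For Each Asset" table.
APPLICABLE = {"external_entity": "SR", "process": "STRIDE",
              "data_store": "TRID", "data_flow": "TID"}

@dataclass(frozen=True)
class Asset:            # hypothetical inventory record, not the toolkit's format
    id: str
    kind: str
    zone: str = ""      # trust zone (entities, processes, stores)
    src: str = ""       # data flows only: source asset id
    dst: str = ""       # data flows only: destination asset id

def enumerate_threats(inventory):
    """Return one catalog entry per (asset, applicable STRIDE category)."""
    by_id = {a.id: a for a in inventory}
    catalog = []
    for a in inventory:
        if a.kind not in APPLICABLE:
            raise ValueError(f"unknown asset type: {a.kind!r}")
        cats = APPLICABLE[a.kind]
        # A flow whose endpoints sit in different zones crosses a trust
        # boundary, so all six questions apply instead of only T, I, D.
        crossing = (a.kind == "data_flow"
                    and by_id[a.src].zone != by_id[a.dst].zone)
        if crossing:
            cats = "STRIDE"
        for letter in cats:
            catalog.append({"id": f"T-{len(catalog) + 1:03d}",  # constructed id scheme
                            "asset": a.id,
                            "category": STRIDE[letter],
                            "boundary_crossing": crossing})
    return catalog

# Constructed sample inventory.
INVENTORY = [
    Asset("user", "external_entity", zone="internet"),
    Asset("api", "process", zone="dmz"),
    Asset("db", "data_store", zone="internal"),
    Asset("worker", "process", zone="internal"),
    Asset("f-login", "data_flow", src="user", dst="api"),
    Asset("f-job", "data_flow", src="worker", dst="db"),
]
```

On the sample inventory, the internet-to-DMZ login flow receives six entries while the internal worker-to-database flow receives only Tampering, Information Disclosure and Denial of Service.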
## Risk Scoring

### Likelihood Scale (1-5)

| Score | Level | Description |
|-------|-------|-------------|
| 1 | Rare | Requires significant resources, unlikely to occur |
| 2 | Unlikely | Difficult but possible with mode