Automated threat modeling plugin for Claude Code with STRIDE analysis and compliance checks
npx claudepluginhub josemlopez/claude-threatmodel
Automated threat modeling for Claude Code. Runs security assessments via subagents when you approve implementation plans.
3 skills • 182 lines • ~2K tokens • Minimal context window impact
This plugin adds automatic security assessment to Claude Code. When you approve an implementation plan, it runs a threat analysis before code gets written—not weeks later when fixes are expensive.
The key insight: Security review should happen at the moment of intent, not after deployment.
When you're in Claude Code and approve a plan (ExitPlanMode), a hook fires automatically. No commands to remember—security assessment just happens.
Here's what makes this different: threat analysis runs in a subagent, not in your main conversation.
Why does this matter?
| Approach | Context Cost | Analysis Depth |
|---|---|---|
| Direct injection | ~2K+ tokens | Limited |
| Subagent (this plugin) | ~200 tokens | Unlimited |
Traditional security tools inject their entire analysis into your conversation, eating up precious context. This plugin spawns a separate agent that:
/threatmodel:quick in its own context
You: "Implement user authentication"
↓
Claude: [Creates plan]
↓
You: [Approve plan] → ExitPlanMode
↓
Hook fires → Subagent spawns
↓
Subagent: Runs /threatmodel:quick
• Scans for hardcoded credentials
• Checks for injection vulnerabilities
• Looks for XSS patterns
• Returns: "Found 2 high risks..."
↓
Claude: Continues with security-aware implementation
The quick assessment calculates a risk level:
| Risk Level | What Happens |
|---|---|
| Critical/High | Recommends /threatmodel:full for complete STRIDE analysis |
| Medium/Low | Shares findings, proceeds with implementation |
You decide whether to run the full analysis. The plugin doesn't block you—it informs you.
| Skill | Purpose | When It Runs |
|---|---|---|
| /threatmodel:quick | Fast risk scan (~30s) | Automatic after plan approval |
| /threatmodel:full | Complete STRIDE + compliance | On-demand or when escalated |
| /threatmodel:status | Current security posture | Manual check |
• password.*=.*["']
• eval(, exec(
• query.*+.*req.
• innerHTML.*=
Plus: OWASP Top 10 mapping, SOC2/PCI-DSS compliance checks, baseline snapshots for drift detection.
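How the quick-scan patterns and the risk table above behave on concrete lines, as an added example that is not the plugin's own code: the regex escaping, rule names, severity labels and sample lines are assumptions constructed here. It shows two false positives and one missed injection, so findings from patterns like these need review.

```python
import re

# Patterns as listed on the page, with ( + . escaped so they compile as
# literals. The escaping, rule names and severity labels are assumptions,
# not taken from the plugin.
PATTERNS = [
    ("hardcoded-credential", "high", re.compile(r"""password.*=.*["']""")),
    ("dynamic-eval", "high", re.compile(r"eval\(|exec\(")),
    ("query-concatenation", "high", re.compile(r"query.*\+.*req\.")),
    ("innerhtml-assignment", "medium", re.compile(r"innerHTML.*=")),
]
ORDER = ["low", "medium", "high", "critical"]

# Constructed sample input (not from any real code base).
SAMPLE = '''\
const password = "hunter2";
const password = process.env["DB_PASSWORD"];
const query = "SELECT * FROM users WHERE id = " + req.params.id;
db.query("SELECT * FROM users WHERE id = $1", [req.params.id]);
el.innerHTML = "<b>static</b>";
const sql = `SELECT * FROM users WHERE id = ${req.params.id}`;
'''

def scan(source):
    """Return (line_no, rule, severity, text) for every pattern hit."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for rule, severity, rx in PATTERNS:
            if rx.search(line):
                findings.append((no, rule, severity, line.strip()))
    return findings

def risk_level(findings):
    """Highest severity among the findings; 'low' when there are none."""
    return max((f[2] for f in findings), key=ORDER.index, default="low")

def next_step(level):
    # Escalation rule from the page's risk table.
    if level in ("critical", "high"):
        return "recommend /threatmodel:full"
    return "share findings, proceed"

if __name__ == "__main__":
    hits = scan(SAMPLE)
    for hit in hits:
        print(hit)
    print(risk_level(hits), "->", next_step(risk_level(hits)))
```

Line 2 (secret read from the environment) and line 5 (static markup) are flagged although they are benign, while line 6 (template-literal SQL) is not flagged at all.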
/plugin marketplace add josemlopez/claude-threatmodel
/plugin install threatmodel@josemlopez
Done. The plugin includes skills and hooks—no configuration needed.
Just say:
Install the threat modeling plugin from https://github.com/josemlopez/claude-threatmodel
/threatmodel:status
Or: approve any implementation plan and watch the security assessment run.
git clone https://github.com/josemlopez/claude-threatmodel.git
claude --plugin-dir ./claude-threatmodel
Note: --plugin-dir loads the plugin for that session only.
For shorter skill names (/tm-quick instead of /threatmodel:quick):
cp -r skills/quick ~/.claude/skills/tm-quick
cp -r skills/full ~/.claude/skills/tm-full
cp -r skills/status ~/.claude/skills/tm-status
Then copy hooks from hooks/hooks.json to ~/.claude/settings.json, updating skill references from /threatmodel:quick to /tm-quick.
The plugin registers a PostToolUse hook that matches ExitPlanMode: