Stats
Actions
Available In
Tags
Plugin
randori
AI-powered PASTA threat modeling plugin for Claude Code. Walks through the 7-stage Process for Attack Simulation and Threat Analysis with STRIDE classification, MITRE ATT&CK mapping, DFD generation, and evidence-anchored threat scenarios.
What's Inside
Slash Commands9
pasta
/pasta
Run a full PASTA threat modeling analysis through all available stages sequentially
s1
/s1-objectives
PASTA Stage 1: Define business objectives, security requirements, and compliance context
s2
/s2-scope
PASTA Stage 2: Map technical scope — software components, actors, data sources/sinks, services
s3
/s3-decompose
PASTA Stage 3: Application decomposition — DFD, trust boundaries, entry points, access control matrix
s4
/s4-threats
PASTA Stage 4: Threat analysis — STRIDE classification, ATT&CK mapping, probabilistic assessment, attack tree drafts
Agents4
attack-modeler
/attack-modeler
Use this agent when building attack trees, analyzing attack surfaces, or modeling multi-step attack paths. Triggered by PASTA Stage 4 (attack tree drafts) and Stage 6 (full attack modeling). Also triggered when user asks about "attack trees", "attack paths", "attack surface", "kill chain", or "multi-step attacks".
risk-assessor
/risk-assessor
Use this agent when assessing risk levels, prioritizing threats, or producing risk management recommendations. Triggered by PASTA Stage 7 (risk management) and when user asks about "risk assessment", "risk prioritization", "mitigation priorities", "residual risk", or "risk treatment".
threat-analyst
/threat-analyst
Use this agent when identifying and classifying threats using STRIDE methodology with MITRE ATT&CK mapping. Triggered by PASTA Stage 4 (threat analysis), or when user asks about "threat identification", "STRIDE analysis", "what threats exist", "ATT&CK mapping", or "threat scenarios".
vuln-correlator
/vuln-correlator
Use this agent when correlating threats to known vulnerabilities (CVE/CWE), checking dependencies for known issues, or mapping threat scenarios to vulnerability databases. Triggered by PASTA Stage 5 (vulnerability analysis) and when user asks about "CVE lookup", "vulnerability correlation", "known vulnerabilities", "dependency vulnerabilities", or "CWE mapping".
Skills5
Attack Tree Generation
/attack-tree-generation
This skill should be used when building attack trees, when the user mentions "attack tree", "attack path", "AND/OR tree", "threat tree", "multi-step attack", or needs to construct structured attack decompositions.
DFD Generation
/dfd-generation
This skill should be used when creating data flow diagrams, when the user mentions "DFD", "data flow diagram", "trust boundaries", "data flows", "Mermaid diagram", or needs to visualize how data moves through the system.
MITRE ATT&CK Mapping
/mitre-attack-mapping
This skill should be used when mapping threats to MITRE ATT&CK techniques, when the user mentions "ATT&CK", "MITRE", "T-codes", "attack techniques", "tactics and techniques", "kill chain", or needs to reference the ATT&CK Enterprise framework for threat classification.
PASTA Methodology
/pasta-methodology
This skill should be used when the user mentions "PASTA", "threat modeling methodology", "Process for Attack Simulation", "7-stage threat model", "OWASP threat modeling", or needs to understand the PASTA framework stages, outputs, and how they connect.
STRIDE Classification
/stride-classification
This skill should be used when classifying threats using STRIDE methodology, when the user mentions "STRIDE", "spoofing threats", "tampering threats", "repudiation", "information disclosure", "denial of service", "elevation of privilege", or needs to categorize security threats by type.
Stats
Version1.0.0
Released
LanguageJavaScript
Stars0
MaintenanceExcellent
LicenseMIT
Last Commit
Added
Safety Signals
Caution
Uses power tools
Uses Bash, Write, or Edit tools
Tags
Categories
Keywords
