Stats
Actions
Available In
Tags
Plugin
tm-skills
Assists with threat modeling using the PyTM framework by guiding model creation, analyzing development stories for security value, generating models from codebases, and researching technology security implications.
What's Inside
Skills4
4 Questions pytm
/4qpytm
create an initial PyTM-based threat model of your system by asking questions after the 4 Questions Framework
ctm
/ctm
examine a given development story and decide if it has security value that warrants inclusion in a threat model
pytm threat model
/pytm
create an initial PyTM-based threat model of your system when asked to perform a threat model
tmnt - Threat Model New Things
/tmnt
given a named technology, library, package, concept or any other form of "idea", perform deep research with threat modeling in mind
README
Agent skills to help with Continuous Threat Modeling
Overview
These are agentic skills aimed at helping developers and security practitioners embody the methodology described in Continuous Threat Modeling.
The skills available here try to follow the best practices described at Agent Skills and shoulg be agnostic as to which agent they work with. YMMV, adjustments in path and location may be necessary. They have been tested with Anthropic's Claude Code and OpenAI Codex.
The directory "examples" contain pre-generated threat models using different agents and models for the sake of comparison. These are not human-refined threat models.
Skills Available
pytm - invoke with either /pytm or "threat model this codebase with pytm". This skill builds a pytm script describing your system, the sequence and DFD diagrams associated with it, and a business analysis of the intent of the system with a summary of the findings as well as a JSON file listing all the findings.
ctm - this skill takes a business request, a user-story or a developer story and establishes if it is a "security notable event" according to the Continuous Threat Modeling developer checklist. If it is, mitigations are suggested.
4qpytm - ask the user questions about what is being built, then use pytm to figure out threats, ask the user about possible mitigations while offering guidance, then grade the whole effort.
tmnt - threat model new things - give it something to chew on and get a quick list of security starting points to deep dive into.
Installation
Please refer to your agent's documentation for how to install these skills, as each one's paths vary.
Stats
Version0.1.0
Stars13
Forks3
MaintenanceExcellent
LicenseMIT
Last Commit
Added
Available In
Tags
Technologies
Topics
Categories
