Stats
Actions
Tags
From tm-skills
Examines development stories for security value using Continuous Threat Modeling methodology. Integrates with pytm for baseline threat models and uses a developer checklist for mitigations.
How this skill is triggered — by the user, by Claude, or both
Slash command
/tm-skills:ctmThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Given a business case, a user-story, a development request or similar, examine it in the context of the project and the existing baseline threat model and decide if it is a "security notable event" according to Continuous Threat Modeling.
Given a business case, a user-story, a development request or similar, examine it in the context of the project and the existing baseline threat model and decide if it is a "security notable event" according to Continuous Threat Modeling.
Copy this checklist and track your progress:
Security notable event checklist
- [ ] Find a baseline threat model
- [ ] Enrich the request
- [ ] Use the CTM Developer Checklist
**Step 1: Find a baseline threat model
Examine the project's directory for documentation that resembles a threat model. If one is found, use that as the baseline threat model. If one is not found, ask the user if they would like to use the pytm skill to create one, or if they can provide a baseline threat model. Give the user the option to not have a baseline threat model but point out the quality of the analysis will be diminished.
**Step 2: Enrich the request
If a baseline threat model is available, use it to enrich the corpus of the request. Feel free to ask the user as many elucidative questions about the request as you consider necessary. Use the answers to enrich the request.
**Step 3: Use the CTM Developer Checklist
Using the content of ./Secure_Developer_Checklist.md try to identify in the user request instances that match the "If you did THIS ..." side of the reference table. If matches are found, use the "... then do THAT" respective field to suggest mitigations to the issue identified.
There can be many matches in any given request. Return all those matches.
If there are notable events, suggest to the user that a ticket be created reflecting this change so the threat model can be updated.
npx claudepluginhub izar/tm_skills --plugin tm-skillsGenerates concrete, developer-focused threat models for features, components, or systems, with attack scenarios, risks, and actionable mitigations.
Generates threat models using OWASP Four-Question Framework and STRIDE methodology, producing matrices with risk ratings, mitigations, and prioritization for attack surface analysis and security reviews.
Conducts structured threat modeling using OWASP Four-Question Framework and STRIDE. Generates threat matrices with risk ratings, mitigations, prioritization for attack surface analysis and security architecture reviews.