Stats
Actions
Tags
From threatmodel
Fast threat assessment (~30s). Returns JSON with risk level, top threats, critical gaps. For hooks and CI/CD.
How this skill is triggered — by the user, by Claude, or both
Slash command
/threatmodel:quickThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
```
/threatmodel:quick [--focus <files>] [--format json|text]
{
"risk_level": "high",
"top_threats": [
{
"title": "SQL Injection",
"severity": "critical",
"target": "src/api.js:45"
}
],
"critical_gaps": [
{ "title": "Missing input validation", "severity": "high" }
],
"recommendation": "Address 1 critical threat before proceeding."
}
.threatmodel/state/ - Use existing threats.json, gaps.json if availablepassword.*=.*["'] (hardcoded creds)eval\(|exec\( (code injection)query.*\+.*req\. (SQL injection)innerHTML.*= (XSS)| Condition | Level |
|---|---|
| Any critical | critical |
| 3+ high | high |
| 1-2 high or 3+ medium | medium |
| Otherwise | low |
After completing the assessment, if risk_level is critical or high:
/threatmodel:full for complete STRIDE analysisIf risk_level is medium or low:
npx claudepluginhub josemlopez/claude-threatmodel --plugin threatmodelExecutes STRIDE threat modeling, OWASP Top 10 vulnerability scanning, security control validation, privacy assessment, and risk-prioritized reporting for code components.
Runs deep security audit combining mechanical scanning with AI vulnerability analysis. Uses OWASP baseline and stack-adaptive rules for pre-release, dependency, and codebase audits.
Performs comprehensive code security audits across 8 dimensions: OWASP Top 10/CWE vulns, secrets, deps/supply chain, IaC, threats/MITRE ATT&CK, auth, AI code, compliance via 8 parallel agents.