Stats
Actions
Tags
From threatmodel
Show threat model status - asset counts, threat distribution, control verification, compliance coverage.
How this skill is triggered — by the user, by Claude, or both
Slash command
/threatmodel:statusThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
```
/threatmodel:status [--format text|json]
Shows current state of .threatmodel/:
═══════════════════════════════════════════════════════════
THREAT MODEL STATUS
═══════════════════════════════════════════════════════════
Assets: 14 (3 data-stores, 6 services, 3 clients, 2 integrations)
Data Flows: 22 (8 cross trust boundaries)
Trust Boundaries: 5
THREATS: 47 total
Critical: 5 | High: 12 | Medium: 18 | Low: 12
CONTROLS: 29 required
Implemented: 18 (62%) | Partial: 7 | Missing: 4
GAPS: 11 total
Critical: 2 | High: 4
COMPLIANCE:
OWASP: 82% | SOC2: 88%
TOP PRIORITY:
1. [CRITICAL] MFA not enforced
2. [CRITICAL] SQL injection in legacy module
3. [HIGH] Rate limiting missing
═══════════════════════════════════════════════════════════
.threatmodel/ - If missing, show getting started guidenpx claudepluginhub josemlopez/claude-threatmodel --plugin threatmodelProduce a threat model — assets, ranked threats, mitigations, accepted risks. Use when asked to "threat model this", "what could go wrong security-wise", "map our attack surface", or before designing any security-sensitive feature.
Produces threat models for codebases or systems: identifies crown jewels assets, maps attack surface entry points and trust boundaries, ranks threats, suggests mitigations and accepted risks.
Generates threat models using OWASP Four-Question Framework and STRIDE methodology, producing matrices with risk ratings, mitigations, and prioritization for attack surface analysis and security reviews.