From threat-modeler — STRIDE/EoP gap ritual & self-improvement covenant
Run the STRIDE/Elevation-of-Privilege gap ritual against skillsentry's probe set and propose new rules. Use when the user asks "what threats do we miss?", "what's our STRIDE coverage?", "run the gap ritual", "find detection gaps", or when a new detection class lands. Observes (mechanical matrix + EoP deck), proposes via PR — never ships a rule directly.
Slash command: /threat-modeler:gap-ritual
The gap ritual is how the threat-stack platform evolves toward greater threat intelligence. It runs against skillsentry's own probe set and answers the Four Questions' fourth question — did we do a good job? — then proposes the next improvement. STRIDE and the Elevation-of-Privilege deck are the intelligence sources; STRIDE is the organising lens, but none of them overrides the deterministic gates.
The covenant proposes; the deterministic core + a human dispose.
You may OBSERVE and PROPOSE (open a PR); you may not decide a verdict, edit detection on main, or
self-merge. The full may/may-not list and the acceptance gate are canonical in
knowledge/covenant-governance.md — read it before proposing.
1. Run node plugins/threat-modeler/scripts/coverage-matrix.mjs --json from the repo root. It tabulates STRIDE × tier density straight from framework.stride / framework.axis on every rule. Current shape: T/I/E HEAVY, S THIN, R and D ABSENT, cognitive axis is the moat (the prompt-injection family), temporal is realized by the engine's T3 pass (reads 0 as a rule, not a gap).
2. Walk knowledge/eop-deck.md suit by suit, cross-checking knowledge/{mcp-38,maestro,owasp-agentic}.md (consult knowledge/linddun.md only when a privacy/PII concern is actually in scope — it is parked otherwise). A "card" with no probe that is static · pre-execution · deterministic · never-executing is a gap. Reject anything needing runtime, network, a parser dep, or LLM semantics — those break the pillars.
3. Write doc/threat-model/GAP_ANALYSIS.md + doc/threat-model/gaps.json.
4. Recommend the highest-value gap (today: the ABSENT D — destructive/DoS and R — audit-evasion cells) and point at the propose-rule skill to draft it as a RuleSpec and open the PR. The new rule follows the data template in src/core/rules/dangerous-bash.rules.ts and must ship pass/fail fixtures and a precision budget so its evidence lands atomically.
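The matrix tabulation and the gap test described above, as an added example rather than skillsentry's own coverage-matrix.mjs. The rule and card objects, the tier names, the covers and needs fields and the THIN threshold are assumptions, and the sample data is constructed.

```javascript
// Added example. Rule and card shapes below are assumptions, not skillsentry's schema.
const STRIDE = ["S", "T", "R", "I", "D", "E"];
// Needs that break the pillars, per the rejection rule in the text (labels are hypothetical).
const BLOCKERS = ["runtime", "network", "parser-dep", "llm-semantics"];
// Constructed sample rules: tier names and the `covers` field are hypothetical.
const sampleRules = [
  { id: "r1", tier: "T1", framework: { stride: ["T", "E"] }, covers: ["c-T-1"] },
  { id: "r2", tier: "T1", framework: { stride: ["T", "I"] }, covers: ["c-I-1"] },
  { id: "r3", tier: "T2", framework: { stride: ["I", "E"] }, covers: [] },
  { id: "r4", tier: "T2", framework: { stride: ["S"] }, covers: ["c-S-1"] },
];
// Constructed sample cards (ids are placeholders, not real deck entries).
const sampleCards = [
  { id: "c-T-1", stride: "T", needs: [] },
  { id: "c-D-1", stride: "D", needs: [] },
  { id: "c-R-1", stride: "R", needs: [] },
  { id: "c-D-2", stride: "D", needs: ["runtime"] },
  { id: "c-S-2", stride: "S", needs: ["llm-semantics"] },
];

// Count rules per STRIDE category and tier, reading framework.stride on every rule.
function coverageMatrix(rules) {
  const matrix = Object.fromEntries(STRIDE.map((cat) => [cat, {}]));
  for (const rule of rules) {
    for (const cat of rule.framework?.stride ?? []) {
      if (!STRIDE.includes(cat)) continue; // skip letters outside STRIDE
      matrix[cat][rule.tier] = (matrix[cat][rule.tier] ?? 0) + 1;
    }
  }
  return matrix;
}

// Label each category; the THIN threshold is an assumed value.
function density(matrix, thinMax = 1) {
  return Object.fromEntries(STRIDE.map((cat) => {
    const total = Object.values(matrix[cat]).reduce((a, b) => a + b, 0);
    return [cat, total === 0 ? "ABSENT" : total <= thinMax ? "THIN" : "HEAVY"];
  }));
}

// An uncovered card is a gap only if a probe for it needs none of the blockers.
function findGaps(cards, rules) {
  const covered = new Set(rules.flatMap((r) => r.covers ?? []));
  return cards.filter((c) => !covered.has(c.id)).map((c) => {
    const blocked = (c.needs ?? []).filter((n) => BLOCKERS.includes(n));
    return { id: c.id, stride: c.stride, status: blocked.length ? "rejected" : "gap", blocked };
  });
}
console.log(density(coverageMatrix(sampleRules)), findGaps(sampleCards, sampleRules));
```

With the constructed data, the density labels reproduce the shape quoted in the text (T/I/E HEAVY, S THIN, R and D ABSENT), and only the two cards that need none of the rejected capabilities come back as gaps.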
npx claudepluginhub agentic-underground/skillsentry --plugin threat-modeler