OpenSkillIndex← back to search
claude-codeopenclawsecurity

Skills threat-modeling

Threat Modeling Expert

install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/brandonwise/threat-modeling" ~/.claude/skills/openclaw-skills-threat-modeling && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/brandonwise/threat-modeling" ~/.openclaw/skills/openclaw-skills-threat-modeling && rm -rf "$T"
manifest: skills/brandonwise/threat-modeling/SKILL.md
tags
#security#risk-assessment#threat-modeling#architecture-review#stride#attack-trees
source content

Threat Modeling Expert

Expert in threat modeling methodologies, security architecture review, and risk assessment using STRIDE, PASTA, attack trees, and security requirement extraction.

Description

USE WHEN:

  • Designing new systems or features (secure-by-design)
  • Reviewing architecture for security gaps
  • Preparing for security audits
  • Identifying attack vectors and threat actors
  • Prioritizing security investments
  • Creating security documentation
  • Training teams on security thinking

DON'T USE WHEN:

  • Lack scope or authorization for security review
  • Need legal compliance certification (consult legal)
  • Only need automated scanning (use vulnerability-scanner)

Core Process

1. Define Scope

  • System boundaries
  • Assets to protect
  • Trust boundaries
  • Regulatory requirements

2. Create Data Flow Diagram

[User] → [Web App] → [API Gateway] → [Backend] → [Database]
                ↓
          [External API]

3. Identify Assets & Entry Points

  • Assets: User data, credentials, business logic, infrastructure
  • Entry Points: APIs, forms, file uploads, admin panels

4. Apply STRIDE

  • Spoofing: Can someone impersonate?
  • Tampering: Can data be modified?
  • Repudiation: Can actions be denied?
  • Information Disclosure: Can data leak?
  • Denial of Service: Can availability be affected?
  • Elevation of Privilege: Can access be escalated?

5. Build Attack Trees

Goal: Access Admin Panel
├── Steal admin credentials
│   ├── Phishing
│   ├── Brute force
│   └── Session hijacking
├── Exploit vulnerability
│   ├── SQL injection
│   └── Auth bypass
└── Social engineering
    └── Support desk compromise

6. Score & Prioritize

Use DREAD or CVSS:

  • Damage potential
  • Reproducibility
  • Exploitability
  • Affected users
  • Discoverability

7. Design Mitigations

Map threats to controls and validate coverage.

8. Document Residual Risks

What's accepted vs. mitigated.

STRIDE Analysis Template

ComponentSpoofingTamperingRepudiationInfo DisclosureDoSEoP
Web AppAuth bypassXSS, CSRFMissing logsError messagesRate limitBroken access
APIToken theftInput manipNo auditData exposureResource exhaustPrivilege escalation
DatabaseCredential theftSQL injectionNo audit trailBackup exposureConnection floodDirect access

Threat Categories by Layer

Application Layer

  • Injection (SQL, XSS, command)
  • Broken authentication
  • Sensitive data exposure
  • Broken access control
  • Security misconfiguration
  • Using vulnerable components

Network Layer

  • Man-in-the-middle
  • Eavesdropping
  • Replay attacks
  • DNS spoofing
  • DDoS

Infrastructure Layer

  • Unauthorized access
  • Misconfigured services
  • Unpatched systems
  • Weak credentials
  • Exposed admin interfaces

Human Layer

  • Phishing
  • Social engineering
  • Insider threats
  • Credential sharing

Data Flow Diagram Elements

ElementSymbolDescription
External EntityRectangleUsers, external systems
ProcessCircleApplication logic
Data StoreParallel linesDatabase, cache, files
Data FlowArrowData movement
Trust BoundaryDashed lineSecurity perimeter

Risk Prioritization Matrix

              LOW IMPACT    HIGH IMPACT
HIGH LIKELIHOOD   MEDIUM        HIGH
LOW LIKELIHOOD    LOW           MEDIUM

DREAD Scoring (1-10 each)

FactorQuestion
DamageHow bad if exploited?
ReproducibilityHow easy to reproduce?
ExploitabilityHow easy to attack?
Affected UsersHow many impacted?
DiscoverabilityHow easy to find?

Score: Sum / 5 = Risk Level

Mitigation Strategies

Input Validation

  • Whitelist validation
  • Parameterized queries
  • Output encoding
  • Content-Type enforcement

Authentication

  • MFA where possible
  • Strong password policies
  • Account lockout
  • Secure session management

Authorization

  • Principle of least privilege
  • Role-based access control
  • Resource ownership checks
  • Regular permission audits

Cryptography

  • TLS 1.2+ everywhere
  • Strong key management
  • Secure password hashing
  • Encrypted data at rest

Monitoring

  • Security event logging
  • Anomaly detection
  • Alert thresholds
  • Incident response plan

Best Practices

  1. Involve developers in threat modeling sessions
  2. Focus on data flows, not just components
  3. Consider insider threats
  4. Update models with architecture changes
  5. Link threats to security requirements
  6. Track mitigations to implementation
  7. Review regularly, not just at design time
  8. Keep models living documents

Output Template

# Threat Model: [System Name]

## Scope
- Components in scope
- Out of scope

## Assets
- Critical assets list

## Trust Boundaries
- Internal vs external
- Admin vs user

## Data Flow Diagram
[DFD here]

## STRIDE Analysis
[Table here]

## Prioritized Threats
1. [High] Description - Mitigation
2. [Medium] Description - Mitigation

## Residual Risks
- Accepted risks with justification

## Review Schedule
- Next review date