Security Threat Model
Write a STRIDE-based threat model for a service or feature. Use when asked to produce a threat model, document security risks, identify attack vectors, assess a service's security posture, or prepare for a security design review. Produces a structured threat model covering assets, trust boundaries, STRIDE threat enumeration per component, risk scores, mitigation controls, and residual risk sign-off.
Install
npx pm-claude-skills add --agent claude # or codex · cursor · gemini · hermes
# or one-line MCP (every skill, any client):
claude mcp add pm-skills -- npx -y pm-claude-skills-mcp
What to give it
- Service name and description — what the service does, who uses it
- Architecture overview — components, dependencies, data flows (a diagram description or ASCII diagram is fine)
- Deployment environment — cloud provider, VPC/network topology, where it runs (Kubernetes, ECS, VMs, serverless)
- Data sensitivity — what data does this service handle? PII, payment data, credentials, internal-only?
- Existing controls — authentication method, encryption in transit/at rest, current WAF/firewall, existing security scanning
- Trust levels — who are the principals? (anonymous public, authenticated users, internal services, admins)
Related skills
Security Threat Model is one of 174 open-source professional AI agent skills.