Does this skill provide security fixes?

When the --fix flag is applied, the subagents will produce inline remediation suggestions for the vulnerabilities they discover.

What is STRIDE threat modeling?

STRIDE is a security framework used to identify threats in six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

Can I run a specific part of the STRIDE analysis?

Yes, you can use the --only flag (e.g., --only S,T) to run analysis only for specific categories like Spoofing or Tampering.

How does the parallel execution work?

The skill dispatches six independent subagents simultaneously within a single task call, allowing for faster analysis and specialized focus for each threat category.

What is Expert Mode in this skill?

Expert mode calculates DREAD risk scores for findings and uses red team subagents to simulate how attackers might chain different vulnerabilities together.

STRIDE Threat Modeling

Name: STRIDE Threat Modeling
Author: florianbuetow

byflorianbuetow

•

Security & Testing

Performs comprehensive security threat modeling by dispatching parallel subagents to analyze codebases for STRIDE framework vulnerabilities.

The STRIDE Threat Modeling skill provides a robust automated security auditing workflow for Claude Code. By orchestrating six specialized subagents in parallel—covering Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege—it ensures deep coverage of a project's security posture. The skill consolidates findings into a unified report, mapping vulnerabilities to industry standards like OWASP and CWE while providing a per-element threat matrix to help developers prioritize remediation efforts.

Key Features

01Automatic cross-referencing with OWASP Top 10, CWE identifiers, and MITRE ATT&CK techniques.

02Expert mode integration for DREAD risk scoring and simulated red team attack chaining.

036 GitHub stars

04Context-aware file targeting that focuses analysis on relevant controllers, middleware, and routes.

05Parallel dispatch of six specialized security subagents for rapid, comprehensive analysis.

06Detailed per-element threat matrix to visualize risk across different application components.

Use Cases

01Identifying complex architectural flaws and trust boundary violations in microservices.

02Automating security reviews during the CI/CD pipeline or before significant production deployments.

03Generating detailed threat model documentation for compliance requirements and security audits.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add florianbuetow/claude-code stride

For use in Claude.ai and ChatGPT

Download Skill