Can I use this for existing projects or just new designs?

The skill is highly effective for both. It can analyze existing code to find implementation flaws or review high-level architectural designs to find structural weaknesses.

Does this skill help with security compliance?

Yes, by generating standardized threat model documents and documenting security assumptions, it provides the necessary artifacts for many security review and compliance processes.

What is the STRIDE methodology used by this skill?

STRIDE is a framework for identifying security threats across six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

How does the skill integrate with my codebase?

It uses the Serena MCP tool to map symbols and APIs, allowing Claude to trace data flow through your functions and identify where inputs might hit sensitive boundaries.

Threat Modeling Security Agent

Name: Threat Modeling Security Agent
Author: dralgorhythm

bydralgorhythm

•

Security & Testing

Performs systematic security threat modeling and architectural risk assessments using the STRIDE methodology.

This skill empowers Claude to act as a security architect, identifying vulnerabilities early in the development lifecycle through systematic threat modeling. By leveraging the STRIDE methodology and specialized MCP tools like Serena for attack surface mapping and Sequential Thinking for structured analysis, it helps developers decompose systems, trace data flows from untrusted inputs, and document prioritized mitigations. Whether you are designing a new microservice or auditing an existing codebase, this skill ensures that security assumptions are documented and risks are addressed before they can be exploited.

Key Features

01Automated STRIDE methodology analysis for comprehensive threat coverage

02Systematic data flow tracing from user inputs to sensitive data stores

031 GitHub stars

04Attack surface mapping via Serena MCP tools to identify entry points

05Detailed mitigation strategy generation with documented security trade-offs

06Risk prioritization using industry-standard DREAD or CVSS scoring

Use Cases

01Conducting a security audit on a new API architecture before implementation

02Generating professional security documentation and risk assessments for compliance

03Identifying potential elevation of privilege risks in complex legacy codebases

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add dralgorhythm/claude-agentic-framework security

For use in Claude.ai and ChatGPT

Download Skill