agentic-security:threat-model-first
OfficialThreat-model first before you write
AuthorClear-Capabilities
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Activates before you add or edit code that crosses a security trust boundary. The cheapest place to fix a security bug is the moment before you write it. This skill front-loads the threat modeling so the implementation that follows is informed.
Core Features & Use Cases
- Pause before the Edit. Don't write the code yet. Tell the user you're going to threat-model first.
- Generate a session id if one doesn't exist for this conversation.
- Walk STRIDE per touch-point. For the specific construct the user is about to introduce, work through: S (Spoofing), T (Tampering), R (Repudiation), I (Information disclosure), D (Denial of service), E (Elevation of privilege) etc., and document one sentence per category.
- Write the result to the scratchpad via MCP and store the threat model artifact.
- Propose defensive measures and annotate code comments to show mapping to STRIDE rows.
- Commit-as-you-go: reference each defense in code comments as you implement it.
Quick Start
Before you write code that touches a security trust boundary, run threat-modeling to generate a TM.md that captures STRIDE questions and mitigations.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: agentic-security:threat-model-first Download link: https://github.com/Clear-Capabilities/agentic-security/archive/main.zip#agentic-security-threat-model-first Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 510,000+ vetted skills library on demand.