sec-risk-security-review
Community
OWASP-aligned threat modeling and risk scoring
Category: Legal & Compliance
Tags: #risk-assessment #threat-modeling #stride #mitigation #security-review #data-classification #owasp-asvs
Author: FernanSuoza
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Provide structured threat modeling, risk scoring, and mitigation planning for architecture and proposed changes so teams can identify, prioritize, and remediate security, privacy, and compliance risks before release.
Core Features & Use Cases
- STRIDE threat identification: Systematic threat enumeration across components and trust boundaries.
- Risk scoring and prioritization: Likelihood × impact scoring, red/yellow/green categorization, and blocking criteria for high risks.
- ASVS & data classification mapping: Map controls to OWASP ASVS levels and label all data (L1-L4) with handling rules.
- Mitigation & escalation workflow: Actionable mitigations with owners/due dates and human escalation items for legal/compliance decisions.
- Use Case: Architecture review for a payment or healthcare service requiring ASVS L2/L3 mapping, secrets inventory verification, and red-risk approvals.
Quick Start
Run the sec-risk-security-review skill with a proposed architecture description, data classification details, and any scanner findings to receive a prioritized threat model and mitigation plan.
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Copy and paste the text below into Claude Code.
Please help me install this Skill:
Name: sec-risk-security-review
Download link: https://github.com/FernanSuoza/AIDD-project-bootstrap/archive/main.zip#sec-risk-security-review
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.