Unnamed Skill
Use when implementing auth, file uploads, payments, or external APIs. Applies STRIDE framework systematically. Triggers: "authentication", "file upload", "payment", "multi-tenant", "external API". If thinking "I know security" - use this anyway.
$ インストール
git clone https://github.com/pvillega/claude-templates /tmp/claude-templates && cp -r /tmp/claude-templates/.claude/skills/threat-modeling ~/.claude/skills/claude-templates// tip: Run this command in your terminal to install the skill
name: threat-modeling description: Use when implementing auth, file uploads, payments, or external APIs. Applies STRIDE framework systematically. Triggers: "authentication", "file upload", "payment", "multi-tenant", "external API". If thinking "I know security" - use this anyway.
Threat Modeling
MANDATORY FIRST STEP
TodoWrite: Create 18+ items (6 STRIDE categories × 3 items each)
- Define assets/entry points
- Enumerate threats per STRIDE category
- Risk scoring
- Identify controls
- Document threat model
- Verification checkpoint
Quick-Start Templates
Authentication Feature
Assets: User credentials, session tokens, reset tokens Entry points: Login, signup, password reset endpoints
STRIDE Focus:
| Threat | Check |
|---|---|
| Spoofing | Credential stuffing protection? Rate limiting? |
| Tampering | Token manipulation? Secure cookies? |
| Repudiation | Login attempt logging? |
| Info Disclosure | Token leakage? Error messages reveal info? |
| DoS | Rate limiting? Account lockout? |
| EoP | Session hijacking? Privilege escalation? |
File Upload Feature
Assets: Stored files, file metadata, server filesystem Entry points: Upload endpoint, file retrieval
STRIDE Focus:
| Threat | Check |
|---|---|
| Spoofing | Impersonate uploader? |
| Tampering | Malicious files? Path traversal? |
| Repudiation | Upload logging? |
| Info Disclosure | Access others' files? |
| DoS | Large file attacks? |
| EoP | Execute uploaded code? |
Multi-Tenant API
Assets: Tenant data, API endpoints, configurations Entry points: All endpoints with tenant context
STRIDE Focus:
| Threat | Check |
|---|---|
| Info Disclosure | Cross-tenant data leakage? |
| EoP | Access other tenant's data? |
| Tampering | Modify tenant_id in requests? |
| Spoofing | Impersonate other tenant? |
STRIDE Process
Apply each category systematically (S→T→R→I→D→E):
- Spoofing: Can attacker impersonate?
- Tampering: Can attacker modify data/code?
- Repudiation: Can attacker deny actions?
- Information Disclosure: Can attacker access secrets?
- Denial of Service: Can attacker disrupt?
- Elevation of Privilege: Can attacker gain unauthorized access?
Risk Scoring: Likelihood (1-5) × Impact (1-5)
- 15-25: Critical (address immediately)
- 6-14: High (before release)
- 1-5: Low (track)
Verification Checkpoint
Before marking complete, verify 3 specifics:
- ✅ Each STRIDE category has ≥2 concrete threats identified
- ✅ All high-risk (score ≥6) threats have controls documented
- ✅ Threat model includes data flow diagram with trust boundaries
Response Templates
"This is over-engineering for a simple feature"
Security bugs cost 30x more post-release than during design. STRIDE takes 15-30 minutes and prevents deployment blockers. Which STRIDE categories don't apply to this feature?
Red Flags
| Thought | Reality |
|---|---|
| "Ad-hoc brainstorming is faster" | Misses 60% of threats |
| "Everything is critical" | No risk prioritization = wrong fixes |
| "We'll security review later" | 30x more expensive post-implementation |
Repository
