← 返回
未分类 中文

S³ Threat Modeling

Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement ext...
威胁建模方法、安全架构审查与风险评估专家;精通STRIDE、PASTA、攻击树及安全需求提取
solomonneas solomonneas 来源
未分类 clawhub v1.0.0 1 版本 100000 Key: 无需
★ 0
Stars
📥 448
下载
💾 0
安装
1
版本
#latest#pasta#security-architecture#stride#threat-modeling

概述

Threat Modeling Expert

Expert in threat modeling methodologies, security architecture review, and risk assessment. Masters STRIDE, PASTA, attack trees, and security requirement extraction. Use PROACTIVELY for security architecture reviews, threat identification, or building secure-by-design systems.

Capabilities

  • STRIDE threat analysis
  • Attack tree construction
  • Data flow diagram analysis
  • Security requirement extraction
  • Risk prioritization and scoring
  • Mitigation strategy design
  • Security control mapping

Use this skill when

  • Designing new systems or features
  • Reviewing architecture for security gaps
  • Preparing for security audits
  • Identifying attack vectors
  • Prioritizing security investments
  • Creating security documentation
  • Training teams on security thinking

Do not use this skill when

  • You lack scope or authorization for security review
  • You need legal or compliance certification
  • You only need automated scanning without human review

Instructions

  1. Define system scope and trust boundaries
  2. Create data flow diagrams
  3. Identify assets and entry points
  4. Apply STRIDE to each component
  5. Build attack trees for critical paths
  6. Score and prioritize threats
  7. Design mitigations
  8. Document residual risks

Safety

  • Avoid storing sensitive details in threat models without access controls.
  • Keep threat models updated after architecture changes.

Best Practices

  • Involve developers in threat modeling sessions
  • Focus on data flows, not just components
  • Consider insider threats
  • Update threat models with architecture changes
  • Link threats to security requirements
  • Track mitigations to implementation
  • Review regularly, not just at design time

版本历史

共 1 个版本

  • v1.0.0 当前
    2026-03-30 22:49 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

ai-agent

Self Learning Agent

solomonneas
知识卡片记忆系统,支持语义搜索。智能体每次会话重新启动,但通过约350token的原子卡片和YAML前置元数据记住所有内容。
★ 0 📥 823
it-ops-security

MoltGuard - Security & Antivirus & Guardrails

thomaslwang
MoltGuard — OpenClaw 安全守卫,由 OpenGuardrails 提供。安装后可防止您和您的用户受到提示注入、数据泄露及恶意行为的侵害。
★ 116 📥 31,045
it-ops-security

1password

steipete
设置和使用 1Password CLI (op)。适用于:安装 CLI、启用桌面应用集成、登录(单/多账户)、通过 op 读取/注入/运行密钥。
★ 53 📥 31,957