← 返回 Skills 市场
Threat Modeling Expert
作者
Solomon Neas
· GitHub ↗
· v1.0.1
· MIT-0
196
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install threat-modeling-expert
功能描述
Threat modeling with STRIDE, PASTA, and attack trees. Analyze architectures for security gaps, extract security requirements, build data flow diagrams, and p...
安全使用建议
This skill is coherent and appears safe to install: it only provides high-level threat-modeling guidance and does not request credentials or install software. However, do not paste sensitive production secrets, credentials, or private keys into the model's prompts or threat models. Ensure you have authorization to share any architecture diagrams or data you submit, and treat outputs as advisory (not a replacement for hands-on security review or compliance certification).
功能分析
Type: OpenClaw Skill
Name: threat-modeling-expert
Version: 1.0.1
The skill bundle is entirely informational, containing only metadata and Markdown instructions for performing threat modeling (STRIDE, PASTA). There is no executable code, network activity, or evidence of prompt injection; the instructions in SKILL.md are strictly aligned with the stated purpose of security architecture review.
能力评估
Purpose & Capability
Name and description match the SKILL.md: it provides high-level threat modeling methods (STRIDE, PASTA, attack trees) and related activities. There are no unrelated requirements (no binaries, env vars, or installs) that conflict with the stated purpose.
Instruction Scope
SKILL.md contains high-level, appropriate steps for threat modeling (define scope, DFDs, apply STRIDE, build attack trees, score threats, design mitigations). Instructions do not direct the agent to read system files, environment variables, or external endpoints, nor do they request collecting unrelated data.
Install Mechanism
No install spec and no code files — the skill is instruction-only, so nothing is written to disk or fetched during install.
Credentials
The skill requests no environment variables, credentials, or config paths. This is proportionate for a guidance/analysis skill.
Persistence & Privilege
always is false and the skill does not request persistent system presence or elevated privileges. Autonomous invocation is allowed (platform default) but not itself a concern here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install threat-modeling-expert - 安装完成后,直接呼叫该 Skill 的名称或使用
/threat-modeling-expert触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Natural description rewrite
v1.0.0
Initial release of Threat Modeling Expert skill.
- Provides expert guidance on threat modeling using methodologies like STRIDE, PASTA, and attack trees.
- Supports data flow diagram analysis, extraction of security requirements, and mapping to security controls.
- Enables risk prioritization and scoring to guide mitigation and investment.
- Designed for proactive security architecture review and secure system design—not for code scanning, penetration testing, or malware analysis.
- Includes best practices, safety guidance, and step-by-step process for effective threat modeling.
元数据
常见问题
Threat Modeling Expert 是什么?
Threat modeling with STRIDE, PASTA, and attack trees. Analyze architectures for security gaps, extract security requirements, build data flow diagrams, and p... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 196 次。
如何安装 Threat Modeling Expert?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install threat-modeling-expert」即可一键安装,无需额外配置。
Threat Modeling Expert 是免费的吗?
是的,Threat Modeling Expert 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Threat Modeling Expert 支持哪些平台?
Threat Modeling Expert 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Threat Modeling Expert?
由 Solomon Neas(@solomonneas)开发并维护,当前版本 v1.0.1。
推荐 Skills