security-threat-model

Installation
SKILL.md

Security Threat Model

Purpose

Use this skill before implementing or approving security-sensitive changes. It complements auth-security and server-security by mapping assets, attackers, trust boundaries, and concrete controls.

Scope First

Identify:

  1. Assets: credentials, tokens, user data, tenant data, money movement, admin actions.
  2. Actors: anonymous user, authenticated user, tenant admin, internal operator, compromised dependency.
  3. Trust boundaries: browser/server, service/service, tenant/tenant, CI/runtime, third-party callbacks.
  4. Entry points: API routes, CLI commands, jobs, webhooks, uploads, config files.
  5. Existing controls: validation, authz, rate limits, audit logs, secret storage.

Threat Checklist

Check at least:

Installs
1
GitHub Stars
233
First Seen
4 days ago
security-threat-model — majiayu000/claude-arsenal