{ "schemaVersion": "1.0", "item": { "slug": "threat-modeling", "name": "Threat Modeling Expert", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/brandonwise/threat-modeling", "canonicalUrl": "https://clawhub.ai/brandonwise/threat-modeling", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/threat-modeling", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=threat-modeling", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/threat-modeling" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/threat-modeling", "agentPageUrl": "https://openagent3.xyz/skills/threat-modeling/agent", "manifestUrl": "https://openagent3.xyz/skills/threat-modeling/agent.json", "briefUrl": "https://openagent3.xyz/skills/threat-modeling/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Threat Modeling Expert", "body": "Expert in threat modeling methodologies, security architecture review, and risk assessment using STRIDE, PASTA, attack trees, and security requirement extraction." }, { "title": "Description", "body": "USE WHEN:\n\nDesigning new systems or features (secure-by-design)\nReviewing architecture for security gaps\nPreparing for security audits\nIdentifying attack vectors and threat actors\nPrioritizing security investments\nCreating security documentation\nTraining teams on security thinking\n\nDON'T USE WHEN:\n\nLack scope or authorization for security review\nNeed legal compliance certification (consult legal)\nOnly need automated scanning (use vulnerability-scanner)" }, { "title": "1. Define Scope", "body": "System boundaries\nAssets to protect\nTrust boundaries\nRegulatory requirements" }, { "title": "2. Create Data Flow Diagram", "body": "[User] → [Web App] → [API Gateway] → [Backend] → [Database]\n ↓\n [External API]" }, { "title": "3. Identify Assets & Entry Points", "body": "Assets: User data, credentials, business logic, infrastructure\nEntry Points: APIs, forms, file uploads, admin panels" }, { "title": "4. Apply STRIDE", "body": "Spoofing: Can someone impersonate?\nTampering: Can data be modified?\nRepudiation: Can actions be denied?\nInformation Disclosure: Can data leak?\nDenial of Service: Can availability be affected?\nElevation of Privilege: Can access be escalated?" }, { "title": "5. Build Attack Trees", "body": "Goal: Access Admin Panel\n├── Steal admin credentials\n│ ├── Phishing\n│ ├── Brute force\n│ └── Session hijacking\n├── Exploit vulnerability\n│ ├── SQL injection\n│ └── Auth bypass\n└── Social engineering\n └── Support desk compromise" }, { "title": "6. Score & Prioritize", "body": "Use DREAD or CVSS:\n\nDamage potential\nReproducibility\nExploitability\nAffected users\nDiscoverability" }, { "title": "7. Design Mitigations", "body": "Map threats to controls and validate coverage." }, { "title": "8. Document Residual Risks", "body": "What's accepted vs. mitigated." }, { "title": "STRIDE Analysis Template", "body": "ComponentSpoofingTamperingRepudiationInfo DisclosureDoSEoPWeb AppAuth bypassXSS, CSRFMissing logsError messagesRate limitBroken accessAPIToken theftInput manipNo auditData exposureResource exhaustPrivilege escalationDatabaseCredential theftSQL injectionNo audit trailBackup exposureConnection floodDirect access" }, { "title": "Application Layer", "body": "Injection (SQL, XSS, command)\nBroken authentication\nSensitive data exposure\nBroken access control\nSecurity misconfiguration\nUsing vulnerable components" }, { "title": "Network Layer", "body": "Man-in-the-middle\nEavesdropping\nReplay attacks\nDNS spoofing\nDDoS" }, { "title": "Infrastructure Layer", "body": "Unauthorized access\nMisconfigured services\nUnpatched systems\nWeak credentials\nExposed admin interfaces" }, { "title": "Human Layer", "body": "Phishing\nSocial engineering\nInsider threats\nCredential sharing" }, { "title": "Data Flow Diagram Elements", "body": "ElementSymbolDescriptionExternal EntityRectangleUsers, external systemsProcessCircleApplication logicData StoreParallel linesDatabase, cache, filesData FlowArrowData movementTrust BoundaryDashed lineSecurity perimeter" }, { "title": "Risk Prioritization Matrix", "body": "LOW IMPACT HIGH IMPACT\nHIGH LIKELIHOOD MEDIUM HIGH\nLOW LIKELIHOOD LOW MEDIUM" }, { "title": "DREAD Scoring (1-10 each)", "body": "FactorQuestionDamageHow bad if exploited?ReproducibilityHow easy to reproduce?ExploitabilityHow easy to attack?Affected UsersHow many impacted?DiscoverabilityHow easy to find?\n\nScore: Sum / 5 = Risk Level" }, { "title": "Input Validation", "body": "Whitelist validation\nParameterized queries\nOutput encoding\nContent-Type enforcement" }, { "title": "Authentication", "body": "MFA where possible\nStrong password policies\nAccount lockout\nSecure session management" }, { "title": "Authorization", "body": "Principle of least privilege\nRole-based access control\nResource ownership checks\nRegular permission audits" }, { "title": "Cryptography", "body": "TLS 1.2+ everywhere\nStrong key management\nSecure password hashing\nEncrypted data at rest" }, { "title": "Monitoring", "body": "Security event logging\nAnomaly detection\nAlert thresholds\nIncident response plan" }, { "title": "Best Practices", "body": "Involve developers in threat modeling sessions\nFocus on data flows, not just components\nConsider insider threats\nUpdate models with architecture changes\nLink threats to security requirements\nTrack mitigations to implementation\nReview regularly, not just at design time\nKeep models living documents" }, { "title": "Output Template", "body": "# Threat Model: [System Name]\n\n## Scope\n- Components in scope\n- Out of scope\n\n## Assets\n- Critical assets list\n\n## Trust Boundaries\n- Internal vs external\n- Admin vs user\n\n## Data Flow Diagram\n[DFD here]\n\n## STRIDE Analysis\n[Table here]\n\n## Prioritized Threats\n1. [High] Description - Mitigation\n2. [Medium] Description - Mitigation\n\n## Residual Risks\n- Accepted risks with justification\n\n## Review Schedule\n- Next review date" } ], "body": "Threat Modeling Expert\n\nExpert in threat modeling methodologies, security architecture review, and risk assessment using STRIDE, PASTA, attack trees, and security requirement extraction.\n\nDescription\n\nUSE WHEN:\n\nDesigning new systems or features (secure-by-design)\nReviewing architecture for security gaps\nPreparing for security audits\nIdentifying attack vectors and threat actors\nPrioritizing security investments\nCreating security documentation\nTraining teams on security thinking\n\nDON'T USE WHEN:\n\nLack scope or authorization for security review\nNeed legal compliance certification (consult legal)\nOnly need automated scanning (use vulnerability-scanner)\nCore Process\n1. Define Scope\nSystem boundaries\nAssets to protect\nTrust boundaries\nRegulatory requirements\n2. Create Data Flow Diagram\n[User] → [Web App] → [API Gateway] → [Backend] → [Database]\n ↓\n [External API]\n\n3. Identify Assets & Entry Points\nAssets: User data, credentials, business logic, infrastructure\nEntry Points: APIs, forms, file uploads, admin panels\n4. Apply STRIDE\nSpoofing: Can someone impersonate?\nTampering: Can data be modified?\nRepudiation: Can actions be denied?\nInformation Disclosure: Can data leak?\nDenial of Service: Can availability be affected?\nElevation of Privilege: Can access be escalated?\n5. Build Attack Trees\nGoal: Access Admin Panel\n├── Steal admin credentials\n│ ├── Phishing\n│ ├── Brute force\n│ └── Session hijacking\n├── Exploit vulnerability\n│ ├── SQL injection\n│ └── Auth bypass\n└── Social engineering\n └── Support desk compromise\n\n6. Score & Prioritize\n\nUse DREAD or CVSS:\n\nDamage potential\nReproducibility\nExploitability\nAffected users\nDiscoverability\n7. Design Mitigations\n\nMap threats to controls and validate coverage.\n\n8. Document Residual Risks\n\nWhat's accepted vs. mitigated.\n\nSTRIDE Analysis Template\nComponent\tSpoofing\tTampering\tRepudiation\tInfo Disclosure\tDoS\tEoP\nWeb App\tAuth bypass\tXSS, CSRF\tMissing logs\tError messages\tRate limit\tBroken access\nAPI\tToken theft\tInput manip\tNo audit\tData exposure\tResource exhaust\tPrivilege escalation\nDatabase\tCredential theft\tSQL injection\tNo audit trail\tBackup exposure\tConnection flood\tDirect access\nThreat Categories by Layer\nApplication Layer\nInjection (SQL, XSS, command)\nBroken authentication\nSensitive data exposure\nBroken access control\nSecurity misconfiguration\nUsing vulnerable components\nNetwork Layer\nMan-in-the-middle\nEavesdropping\nReplay attacks\nDNS spoofing\nDDoS\nInfrastructure Layer\nUnauthorized access\nMisconfigured services\nUnpatched systems\nWeak credentials\nExposed admin interfaces\nHuman Layer\nPhishing\nSocial engineering\nInsider threats\nCredential sharing\nData Flow Diagram Elements\nElement\tSymbol\tDescription\nExternal Entity\tRectangle\tUsers, external systems\nProcess\tCircle\tApplication logic\nData Store\tParallel lines\tDatabase, cache, files\nData Flow\tArrow\tData movement\nTrust Boundary\tDashed line\tSecurity perimeter\nRisk Prioritization Matrix\n LOW IMPACT HIGH IMPACT\nHIGH LIKELIHOOD MEDIUM HIGH\nLOW LIKELIHOOD LOW MEDIUM\n\nDREAD Scoring (1-10 each)\nFactor\tQuestion\nDamage\tHow bad if exploited?\nReproducibility\tHow easy to reproduce?\nExploitability\tHow easy to attack?\nAffected Users\tHow many impacted?\nDiscoverability\tHow easy to find?\n\nScore: Sum / 5 = Risk Level\n\nMitigation Strategies\nInput Validation\nWhitelist validation\nParameterized queries\nOutput encoding\nContent-Type enforcement\nAuthentication\nMFA where possible\nStrong password policies\nAccount lockout\nSecure session management\nAuthorization\nPrinciple of least privilege\nRole-based access control\nResource ownership checks\nRegular permission audits\nCryptography\nTLS 1.2+ everywhere\nStrong key management\nSecure password hashing\nEncrypted data at rest\nMonitoring\nSecurity event logging\nAnomaly detection\nAlert thresholds\nIncident response plan\nBest Practices\nInvolve developers in threat modeling sessions\nFocus on data flows, not just components\nConsider insider threats\nUpdate models with architecture changes\nLink threats to security requirements\nTrack mitigations to implementation\nReview regularly, not just at design time\nKeep models living documents\nOutput Template\n# Threat Model: [System Name]\n\n## Scope\n- Components in scope\n- Out of scope\n\n## Assets\n- Critical assets list\n\n## Trust Boundaries\n- Internal vs external\n- Admin vs user\n\n## Data Flow Diagram\n[DFD here]\n\n## STRIDE Analysis\n[Table here]\n\n## Prioritized Threats\n1. [High] Description - Mitigation\n2. [Medium] Description - Mitigation\n\n## Residual Risks\n- Accepted risks with justification\n\n## Review Schedule\n- Next review date" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/brandonwise/threat-modeling", "publisherUrl": "https://clawhub.ai/brandonwise/threat-modeling", "owner": "brandonwise", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/threat-modeling", "downloadUrl": "https://openagent3.xyz/downloads/threat-modeling", "agentUrl": "https://openagent3.xyz/skills/threat-modeling/agent", "manifestUrl": "https://openagent3.xyz/skills/threat-modeling/agent.json", "briefUrl": "https://openagent3.xyz/skills/threat-modeling/agent.md" } }