بنقرة واحدة
create
Create a new threat model from description, template, import, or platform pull
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Create a new threat model from description, template, import, or platform pull
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Assign classes to unclassified components, boundaries, data flows, and data items
Auto-discover infrastructure components from codebase using the infrastructure-scout agent
Guided end-to-end threat modeling workflow — scope through validation and sync
Populate security attributes, MITRE ATT&CK references, credentials, and monitoring tools
Quality dashboard with score breakdown, gap analysis, and readiness assessment
Attack surface summary with component breakdown, trust boundary crossings, and control gap analysis
| name | create |
| description | Create a new threat model from description, template, import, or platform pull |
| agent | threat-modeler |
| argument-hint | [description or template] |
@../../docs/guidelines-layout.md @../../docs/guidelines-schema.md @../../docs/guidelines-examples.md
Create a new Dethernety threat model.
This skill is local-first: model files are created on disk now and synced to the platform later (via /dethereal:sync). Use built-in tools directly — do NOT invent scaffolding scripts, chained shell heredocs, or wrapper utilities.
| Operation | Tool to use |
|---|---|
| Create a directory | Bash with mkdir -p <path> |
| Write a JSON/Markdown file | Write tool, one call per file |
| Read an existing file | Read tool |
| Edit an existing file | Edit tool |
| Pull a model from platform (Pull mode only) | mcp__plugin_dethereal_dethereal__list_models then mcp__plugin_dethereal_dethereal__export_model |
| Validate the result | mcp__plugin_dethereal_dethereal__validate_model_json |
Do not:
Write once per filecat <<EOF > file.json) — use Write, which produces a reviewable diffmcp__plugin_dethereal_dethereal__create_threat_model from this skill — that tool requires platform auth and is invoked by /dethereal:sync push once the model is ready to publishIf $ARGUMENTS is provided, infer the entry point from the content:
If no arguments, present all 4 options:
If .dethernety/models.json does not exist or has no models, this is the user's first model. Use a welcoming tone, explain what a threat model captures, and provide extra guidance at each step.
Collect scope information through conversation. Ask naturally — don't present a form.
| Field | Required | Default | Guidance |
|---|---|---|---|
system_name | yes | — | From description or ask |
description | yes | — | 1-2 sentence architecture summary |
depth | no | architecture | Options: architecture, design, implementation |
modeling_intent | no | initial | Options: initial, security_review, compliance, incident_response |
compliance_drivers | no | [] | Ask if not mentioned: "Any compliance requirements?" |
crown_jewels | yes (≥1) | — | Ask: "What are the most valuable assets in this system?" |
exclusions | no | [] | Ask if multi-system: "Anything explicitly out of scope?" |
trust_assumptions | no | [] | Ask: "What do you explicitly trust? (e.g., cloud provider control plane, corporate network)" |
adversary_classes | no | — | Only for security_review or incident_response intent |
Write scope to <model-path>/.dethereal/scope.json.
Based on entry point:
Describe / Template:
Components:
1. [PROCESS] API Server — in Internal Network
2. [STORE] PostgreSQL — in Data Tier
3. [EXTERNAL_ENTITY] End Users — in Internet Zone
Boundaries:
Internet Zone / DMZ / Internal Network / Data Tier
Data Flows:
1. End Users → API Gateway: HTTP requests
2. API Gateway → API Server: Internal API calls
3. API Server → PostgreSQL: SQL queries
Confirm or adjust?
Import existing:
Agent(infrastructure-scout) for thorough scanningPull from platform:
mcp__plugin_dethereal_dethereal__list_models to show available platform modelsmcp__plugin_dethereal_dethereal__export_model to pull the modelDefault path: ./threat-models/<kebab-case-name>/.
Bash: mkdir -p <model-path>/.dethereal
Write tool — one tool call per file. No heredocs. No scaffolding scripts.| File | Content |
|---|---|
<model-path>/manifest.json | Model metadata: name, description, module references, files map |
<model-path>/structure.json | Boundary and component hierarchy with coordinates |
<model-path>/dataflows.json | Data flow connections array |
<model-path>/data-items.json | [] initially |
<model-path>/.dethereal/scope.json | Scope definition from Step 1 |
<model-path>/.dethereal/state.json | { "currentState": "SCOPE_DEFINED", "completedStates": ["INITIALIZED", "SCOPE_DEFINED"], "lastModified": "<ISO 8601>", "staleElements": [] } |
Use layout guidelines (imported above) for coordinate placement:
Use Read to load .dethernety/models.json at the project root if it exists, then Write an updated version. If it does not exist, Write a new file:
{
"version": 1,
"models": [
{ "name": "Model Name", "path": "./threat-models/model-name", "createdAt": "ISO timestamp" }
]
}
Append the new model entry to the existing models array (preserve existing entries).
Call mcp__plugin_dethereal_dethereal__validate_model_json to check structural validity.
Write README.md in the model directory per the threat-modeler's README Generation Protocol:
# <Model Name> with > Auto-generated by Dethereal. Do not edit.Quality: X/100 (Label)At create time, the README reflects the initial structure. It will be regenerated with richer content when the guided workflow (/dethereal:threat-model) completes.
[done] Model "System Name" created with N components, M data flows. Quality: X/100.
[next] /dethereal:discover (scan codebase for additional infrastructure)
If this is the user's first model, add:
Run /dethereal:help to see all available commands.