Ejecuta cualquier Skill en Manus
con un clic

Ejecuta cualquier Skill en Manus con un clic

$pwd:

phase-2-architecture

Name: Phase 2 Architecture
Author: awslabs

// Phase 2 Architecture Analysis guide. Use when documenting system components, connections, data stores, or analyzing technical architecture for threat modeling.

Ejecutar en Manus

$ git log --oneline --stat

stars:60

forks:9

updated:24 de abril de 2026, 21:42

SKILL.md

readonly

name	phase-2-architecture
description	Phase 2 Architecture Analysis guide. Use when documenting system components, connections, data stores, or analyzing technical architecture for threat modeling.

Phase 2: Architecture Analysis

Objective

Document every component, connection, and data store in the system. This becomes the attack surface map for later phases.

Tools Reference

add_component(name, type, service_provider, specific_service, version, description, configuration)

Parameter	Required	Values
name	Yes	e.g., "API Gateway", "User Database"
type	Yes	Compute, Storage, Network, Security, Database, Messaging, Analytics, Container, Serverless, Other
service_provider	No	AWS, Azure, GCP, CNCF, On-Premise, Hybrid, Other
specific_service	No	e.g., "Lambda", "RDS", "API Gateway", "EC2"
version	No	e.g., "Python 3.9", "PostgreSQL 13"
description	No	What this component does
configuration	No	Dict of config details

add_connection(source_id, destination_id, protocol, port, encryption, description)

Parameter	Required	Values
source_id	Yes	Component ID (from add_component response)
destination_id	Yes	Component ID
protocol	No	HTTP, HTTPS, TCP, UDP, SSH, FTP, SMTP, WebSocket, gRPC, MQTT, Other
port	No	Integer port number
encryption	No	true/false
description	No	What flows over this connection

add_data_store(name, type, classification, encryption_at_rest, backup_frequency, description)

Parameter	Required	Values
name	Yes	e.g., "Customer PII Store"
type	Yes	Relational, NoSQL, Object Storage, File System, Cache, Data Warehouse, Graph, Time Series, Ledger, Other
classification	Yes	Public, Internal, Confidential, Restricted, Regulated
encryption_at_rest	No	true/false
backup_frequency	No	Hourly, Daily, Weekly, Monthly, Continuous, None
description	No	What data is stored

Other Phase 2 Tools

list_components() -- Review all components
list_connections() -- Review all connections
list_data_stores() -- Review all data stores
get_architecture_analysis_plan() -- AI-powered analysis guidance
clear_architecture() -- Start over if needed

Workflow

Call get_phase_2_guidance() for detailed instructions
Scan the codebase for services, APIs, databases, queues, caches, external integrations
Add components -- every distinct service, database, CDN, load balancer, etc.
Add connections -- map all communication paths with protocol and encryption status
Add data stores -- every place data persists, with classification
If AWS: Use search_documentation() to validate service security configs
Document assumptions about the architecture

What to Look For in Code

Code Pattern	Component Type
Dockerfile, ECS/EKS config	Container
Lambda handler, serverless.yml	Serverless
Database connection strings, ORM config	Database
S3 client, blob storage	Storage
API routes, REST/gRPC endpoints	Compute/Network
Queue/topic publishers/subscribers	Messaging
Redis/Memcached clients	Cache (Data Store)

Completion Criteria

All system components added
All inter-component connections mapped
All data stores documented with classification
list_components() shows comprehensive inventory
Call advance_phase() to proceed to Phase 3

Common Pitfalls

Forgetting external dependencies (third-party APIs, CDNs, DNS)
Not specifying encryption status on connections
Missing data stores (logs, caches, temp files are also data stores)
Not classifying data store sensitivity

related-skills.json

mismo repositorio

phase-1-business-context.md

from "awslabs/threat-modeling-mcp-server"

Phase 1 Business Context Analysis guide. Use when starting a threat model, setting business context, or configuring business features like industry sector, data sensitivity, and regulatory requirements.

2026-04-2460

phase-3-threat-actors.md

from "awslabs/threat-modeling-mcp-server"

Phase 3 Threat Actor Analysis guide. Use when identifying threat actors, setting relevance and priority, or analyzing who might attack the system.

2026-04-2460

phase-4-trust-boundaries.md

from "awslabs/threat-modeling-mcp-server"

Phase 4 Trust Boundary Analysis guide. Use when defining trust zones, crossing points, and security boundaries between system components.

2026-04-2460

phase-5-asset-flows.md

from "awslabs/threat-modeling-mcp-server"

Phase 5 Asset Flow Analysis guide. Use when identifying valuable assets, tracking data flows, or analyzing how sensitive data moves through the system.

2026-04-2460

phase-6-threat-identification.md

from "awslabs/threat-modeling-mcp-server"

Phase 6 Threat Identification guide with STRIDE methodology reference. Use when identifying threats, categorizing security issues, applying STRIDE analysis, or assessing threat severity and likelihood.

2026-04-2460

phase-7-5-code-validation.md

from "awslabs/threat-modeling-mcp-server"

Phase 7.5 Code Validation guide. Use when validating threats against actual code, checking which security controls are implemented, or generating remediation reports.

2026-04-2460

package.json

"author": "awslabs"

"repository": "awslabs/threat-modeling-mcp-server"

Abrir repositorio de GitHub Ver repositorios del creador

$ install --global

$ download --local

Ejecutar en Manus

$ useful --forSOC

Analistas de sistemas informáticosOcupaciones informáticas y matemáticas15-1211L4

name	phase-2-architecture
description	Phase 2 Architecture Analysis guide. Use when documenting system components, connections, data stores, or analyzing technical architecture for threat modeling.

Phase 2: Architecture Analysis

Objective

Document every component, connection, and data store in the system. This becomes the attack surface map for later phases.

Tools Reference

add_component(name, type, service_provider, specific_service, version, description, configuration)

Parameter	Required	Values
name	Yes	e.g., "API Gateway", "User Database"
type	Yes	Compute, Storage, Network, Security, Database, Messaging, Analytics, Container, Serverless, Other
service_provider	No	AWS, Azure, GCP, CNCF, On-Premise, Hybrid, Other
specific_service	No	e.g., "Lambda", "RDS", "API Gateway", "EC2"
version	No	e.g., "Python 3.9", "PostgreSQL 13"
description	No	What this component does
configuration	No	Dict of config details

add_connection(source_id, destination_id, protocol, port, encryption, description)

Parameter	Required	Values
source_id	Yes	Component ID (from add_component response)
destination_id	Yes	Component ID
protocol	No	HTTP, HTTPS, TCP, UDP, SSH, FTP, SMTP, WebSocket, gRPC, MQTT, Other
port	No	Integer port number
encryption	No	true/false
description	No	What flows over this connection

add_data_store(name, type, classification, encryption_at_rest, backup_frequency, description)

Parameter	Required	Values
name	Yes	e.g., "Customer PII Store"
type	Yes	Relational, NoSQL, Object Storage, File System, Cache, Data Warehouse, Graph, Time Series, Ledger, Other
classification	Yes	Public, Internal, Confidential, Restricted, Regulated
encryption_at_rest	No	true/false
backup_frequency	No	Hourly, Daily, Weekly, Monthly, Continuous, None
description	No	What data is stored

Other Phase 2 Tools

list_components() -- Review all components
list_connections() -- Review all connections
list_data_stores() -- Review all data stores
get_architecture_analysis_plan() -- AI-powered analysis guidance
clear_architecture() -- Start over if needed

Workflow

Call get_phase_2_guidance() for detailed instructions
Scan the codebase for services, APIs, databases, queues, caches, external integrations
Add components -- every distinct service, database, CDN, load balancer, etc.
Add connections -- map all communication paths with protocol and encryption status
Add data stores -- every place data persists, with classification
If AWS: Use search_documentation() to validate service security configs
Document assumptions about the architecture

What to Look For in Code

Code Pattern	Component Type
Dockerfile, ECS/EKS config	Container
Lambda handler, serverless.yml	Serverless
Database connection strings, ORM config	Database
S3 client, blob storage	Storage
API routes, REST/gRPC endpoints	Compute/Network
Queue/topic publishers/subscribers	Messaging
Redis/Memcached clients	Cache (Data Store)

Completion Criteria

All system components added
All inter-component connections mapped
All data stores documented with classification
list_components() shows comprehensive inventory
Call advance_phase() to proceed to Phase 3

Common Pitfalls

Forgetting external dependencies (third-party APIs, CDNs, DNS)
Not specifying encryption status on connections
Missing data stores (logs, caches, temp files are also data stores)
Not classifying data store sensitivity

phase-2-architecture

Phase 2: Architecture Analysis

Objective

Tools Reference

add_component(name, type, service_provider, specific_service, version, description, configuration)

add_connection(source_id, destination_id, protocol, port, encryption, description)

add_data_store(name, type, classification, encryption_at_rest, backup_frequency, description)

Other Phase 2 Tools

Workflow

What to Look For in Code

Completion Criteria

Common Pitfalls

Más de este repositorio

Más de este repositorio

Phase 2: Architecture Analysis

Objective

Tools Reference

add_component(name, type, service_provider, specific_service, version, description, configuration)

add_connection(source_id, destination_id, protocol, port, encryption, description)

add_data_store(name, type, classification, encryption_at_rest, backup_frequency, description)

Other Phase 2 Tools

Workflow

What to Look For in Code

Completion Criteria

Common Pitfalls