원클릭으로
create
Create a new threat model from description, template, import, or platform pull
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Create a new threat model from description, template, import, or platform pull
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
| name | create |
| description | Create a new threat model from description, template, import, or platform pull |
| agent | threat-modeler |
| argument-hint | [description or template] |
@../../docs/guidelines-layout.md @../../docs/guidelines-schema.md @../../docs/guidelines-examples.md
Create a new Dethernety threat model.
This skill is local-first: model files are created on disk now and synced to the platform later (via /dethereal:sync). Use built-in tools directly — do NOT invent scaffolding scripts, chained shell heredocs, or wrapper utilities.
| Operation | Tool to use |
|---|---|
| Create a directory | Bash with mkdir -p <path> |
| Write a JSON/Markdown file | Write tool, one call per file |
| Read an existing file | Read tool |
| Edit an existing file | Edit tool |
| Pull a model from platform (Pull mode only) | mcp__plugin_dethereal_dethereal__list_models then mcp__plugin_dethereal_dethereal__export_model |
| Validate the result | mcp__plugin_dethereal_dethereal__validate_model_json |
Do not:
Write once per filecat <<EOF > file.json) — use Write, which produces a reviewable diffmcp__plugin_dethereal_dethereal__create_threat_model from this skill — that tool requires platform auth and is invoked by /dethereal:sync push once the model is ready to publishIf $ARGUMENTS is provided, infer the entry point from the content:
If no arguments, present all 4 options:
If .dethernety/models.json does not exist or has no models, this is the user's first model. Use a welcoming tone, explain what a threat model captures, and provide extra guidance at each step.
Collect scope information through conversation. Ask naturally — don't present a form.
| Field | Required | Default | Guidance |
|---|---|---|---|
system_name | yes | — | From description or ask |
description | yes | — | 1-2 sentence architecture summary |
depth | no | architecture | Options: architecture, design, implementation |
modeling_intent | no | initial | Options: initial, security_review, compliance, incident_response |
compliance_drivers | no | [] | Ask if not mentioned: "Any compliance requirements?" |
crown_jewels | yes (≥1) | — | Ask: "What are the most valuable assets in this system?" |
exclusions | no | [] | Ask if multi-system: "Anything explicitly out of scope?" |
trust_assumptions | no | [] | Ask: "What do you explicitly trust? (e.g., cloud provider control plane, corporate network)" |
adversary_classes | no | — | Only for security_review or incident_response intent |
Write scope to <model-path>/.dethereal/scope.json.
Based on entry point:
Describe / Template:
Components:
1. [PROCESS] API Server — in Internal Network
2. [STORE] PostgreSQL — in Data Tier
3. [EXTERNAL_ENTITY] End Users — in Internet Zone
Boundaries:
Internet Zone / DMZ / Internal Network / Data Tier
Data Flows:
1. End Users → API Gateway: HTTP requests
2. API Gateway → API Server: Internal API calls
3. API Server → PostgreSQL: SQL queries
Confirm or adjust?
Import existing:
Agent(infrastructure-scout) for thorough scanningPull from platform:
mcp__plugin_dethereal_dethereal__list_models to show available platform modelsmcp__plugin_dethereal_dethereal__export_model to pull the modelDefault path: ./threat-models/<kebab-case-name>/.
Bash: mkdir -p <model-path>/.dethereal
Write tool — one tool call per file. No heredocs. No scaffolding scripts.| File | Content |
|---|---|
<model-path>/manifest.json | Model metadata: name, description, module references, files map |
<model-path>/structure.json | Boundary and component hierarchy with coordinates |
<model-path>/dataflows.json | Data flow connections array |
<model-path>/data-items.json | [] initially |
<model-path>/.dethereal/scope.json | Scope definition from Step 1 |
<model-path>/.dethereal/state.json | { "currentState": "SCOPE_DEFINED", "completedStates": ["INITIALIZED", "SCOPE_DEFINED"], "lastModified": "<ISO 8601>", "staleElements": [] } |
Use layout guidelines (imported above) for coordinate placement:
Use Read to load .dethernety/models.json at the project root if it exists, then Write an updated version. If it does not exist, Write a new file:
{
"version": 1,
"models": [
{ "name": "Model Name", "path": "./threat-models/model-name", "createdAt": "ISO timestamp" }
]
}
Append the new model entry to the existing models array (preserve existing entries).
Call mcp__plugin_dethereal_dethereal__validate_model_json to check structural validity.
Write README.md in the model directory per the threat-modeler's README Generation Protocol:
# <Model Name> with > Auto-generated by Dethereal. Do not edit.Quality: X/100 (Label)At create time, the README reflects the initial structure. It will be regenerated with richer content when the guided workflow (/dethereal:threat-model) completes.
[done] Model "System Name" created with N components, M data flows. Quality: X/100.
[next] /dethereal:discover (scan codebase for additional infrastructure)
If this is the user's first model, add:
Run /dethereal:help to see all available commands.
Assign classes to unclassified components, boundaries, data flows, and data items
Auto-discover infrastructure components from codebase using the infrastructure-scout agent
Guided end-to-end threat modeling workflow — scope through validation and sync
Populate security attributes, MITRE ATT&CK references, credentials, and monitoring tools
Quality dashboard with score breakdown, gap analysis, and readiness assessment
Attack surface summary with component breakdown, trust boundary crossings, and control gap analysis