Execute qualquer Skill no Manus
com um clique

Execute qualquer Skill no Manus com um clique

$pwd:

phase-7-5-code-validation

Name: Phase 7 5 Code Validation
Author: awslabs

// Phase 7.5 Code Validation guide. Use when validating threats against actual code, checking which security controls are implemented, or generating remediation reports.

Executar no Manus

$ git log --oneline --stat

stars:60

forks:9

updated:24 de abril de 2026 às 21:42

SKILL.md

readonly

name	phase-7-5-code-validation
description	Phase 7.5 Code Validation guide. Use when validating threats against actual code, checking which security controls are implemented, or generating remediation reports.

Phase 7.5: Code Validation Analysis

Objective

Validate which security controls are already implemented in the codebase and update the threat model to reflect actual implementation state. This phase only runs when code is detected in the project.

Tools Reference

validate_security_controls(directory, file_patterns)

Scans the codebase for implemented security controls.

directory: Path to scan (default: ".")
file_patterns: Optional list of file patterns (e.g., [".py", ".js"])

validate_threat_remediation(directory, file_patterns)

Checks which identified threats are already mitigated by code.

Compares threat model against actual implementation
Generates remediation status per threat

generate_remediation_report()

Creates a comprehensive report including:

Fully remediated threats
Partially remediated threats
Unremediated threats
Detected controls summary
Security score (0.0 to 1.0)

Status Update Tools

update_threat(id, status=...) -- Update threat status based on findings
update_mitigation(id, status=...) -- Update mitigation status
add_assumption(description, category, impact, rationale) -- Document code-based assumptions

Remediation Statuses

Threat Statuses

Status	When to Use
threatIdentified	Still needs attention (default)
threatResolved	Code fully mitigates this threat
threatResolvedNotUseful	Threat not applicable given implementation

Mitigation Statuses

Status	When to Use
mitigationIdentified	Not yet implemented
mitigationInProgress	Partially implemented in code
mitigationResolved	Fully implemented in code
mitigationResolvedWillNotAction	Decided not to implement

What Code Validation Looks For

Security Control	Code Patterns
Input validation	Schema validation, sanitization, regex checks
Authentication	Auth middleware, JWT verification, session checks
Authorization	RBAC checks, permission decorators, policy enforcement
Encryption	TLS config, KMS usage, encryption libraries
Logging	Logger calls, audit trail writes, CloudWatch/CloudTrail
Error handling	Try/catch, error sanitization, custom error pages
Rate limiting	Throttle middleware, API quota configs
CSRF protection	CSRF tokens, SameSite cookies

Workflow

Call get_phase_7_5_guidance()
Call validate_security_controls() on the project directory
Call validate_threat_remediation() to match threats against code
Call generate_remediation_report() for comprehensive analysis
Update threat statuses based on findings with update_threat()
Update mitigation statuses with update_mitigation()
Document findings as assumptions: "Code analysis confirms TLS is enforced on all API endpoints"

Completion Criteria

validate_security_controls() executed
validate_threat_remediation() executed
generate_remediation_report() generated
Threat statuses updated for code-mitigated threats
Mitigation statuses updated for implemented controls
Code-based assumptions documented
Call advance_phase() to proceed to Phase 8

related-skills.json

mesmo repositório

phase-1-business-context.md

from "awslabs/threat-modeling-mcp-server"

Phase 1 Business Context Analysis guide. Use when starting a threat model, setting business context, or configuring business features like industry sector, data sensitivity, and regulatory requirements.

2026-04-2460

phase-2-architecture.md

from "awslabs/threat-modeling-mcp-server"

Phase 2 Architecture Analysis guide. Use when documenting system components, connections, data stores, or analyzing technical architecture for threat modeling.

2026-04-2460

phase-3-threat-actors.md

from "awslabs/threat-modeling-mcp-server"

Phase 3 Threat Actor Analysis guide. Use when identifying threat actors, setting relevance and priority, or analyzing who might attack the system.

2026-04-2460

phase-4-trust-boundaries.md

from "awslabs/threat-modeling-mcp-server"

Phase 4 Trust Boundary Analysis guide. Use when defining trust zones, crossing points, and security boundaries between system components.

2026-04-2460

phase-5-asset-flows.md

from "awslabs/threat-modeling-mcp-server"

Phase 5 Asset Flow Analysis guide. Use when identifying valuable assets, tracking data flows, or analyzing how sensitive data moves through the system.

2026-04-2460

phase-6-threat-identification.md

from "awslabs/threat-modeling-mcp-server"

Phase 6 Threat Identification guide with STRIDE methodology reference. Use when identifying threats, categorizing security issues, applying STRIDE analysis, or assessing threat severity and likelihood.

2026-04-2460

package.json

"author": "awslabs"

"repository": "awslabs/threat-modeling-mcp-server"

Abrir repositório GitHub Ver repositórios do creator

$ install --global

$ download --local

Executar no Manus

$ useful --forSOC

Analistas de segurança da informaçãoInformática e Matemática15-1212L4

name	phase-7-5-code-validation
description	Phase 7.5 Code Validation guide. Use when validating threats against actual code, checking which security controls are implemented, or generating remediation reports.

Phase 7.5: Code Validation Analysis

Objective

Validate which security controls are already implemented in the codebase and update the threat model to reflect actual implementation state. This phase only runs when code is detected in the project.

Tools Reference

validate_security_controls(directory, file_patterns)

Scans the codebase for implemented security controls.

directory: Path to scan (default: ".")
file_patterns: Optional list of file patterns (e.g., [".py", ".js"])

validate_threat_remediation(directory, file_patterns)

Checks which identified threats are already mitigated by code.

Compares threat model against actual implementation
Generates remediation status per threat

generate_remediation_report()

Creates a comprehensive report including:

Fully remediated threats
Partially remediated threats
Unremediated threats
Detected controls summary
Security score (0.0 to 1.0)

Status Update Tools

update_threat(id, status=...) -- Update threat status based on findings
update_mitigation(id, status=...) -- Update mitigation status
add_assumption(description, category, impact, rationale) -- Document code-based assumptions

Remediation Statuses

Threat Statuses

Status	When to Use
threatIdentified	Still needs attention (default)
threatResolved	Code fully mitigates this threat
threatResolvedNotUseful	Threat not applicable given implementation

Mitigation Statuses

Status	When to Use
mitigationIdentified	Not yet implemented
mitigationInProgress	Partially implemented in code
mitigationResolved	Fully implemented in code
mitigationResolvedWillNotAction	Decided not to implement

What Code Validation Looks For

Security Control	Code Patterns
Input validation	Schema validation, sanitization, regex checks
Authentication	Auth middleware, JWT verification, session checks
Authorization	RBAC checks, permission decorators, policy enforcement
Encryption	TLS config, KMS usage, encryption libraries
Logging	Logger calls, audit trail writes, CloudWatch/CloudTrail
Error handling	Try/catch, error sanitization, custom error pages
Rate limiting	Throttle middleware, API quota configs
CSRF protection	CSRF tokens, SameSite cookies

Workflow

Call get_phase_7_5_guidance()
Call validate_security_controls() on the project directory
Call validate_threat_remediation() to match threats against code
Call generate_remediation_report() for comprehensive analysis
Update threat statuses based on findings with update_threat()
Update mitigation statuses with update_mitigation()
Document findings as assumptions: "Code analysis confirms TLS is enforced on all API endpoints"

Completion Criteria

validate_security_controls() executed
validate_threat_remediation() executed
generate_remediation_report() generated
Threat statuses updated for code-mitigated threats
Mitigation statuses updated for implemented controls
Code-based assumptions documented
Call advance_phase() to proceed to Phase 8

phase-7-5-code-validation

Phase 7.5: Code Validation Analysis

Objective

Tools Reference

validate_security_controls(directory, file_patterns)

validate_threat_remediation(directory, file_patterns)

generate_remediation_report()

Status Update Tools

Remediation Statuses

Threat Statuses

Mitigation Statuses

What Code Validation Looks For

Workflow

Completion Criteria

Mais deste repositório

Mais deste repositório

Phase 7.5: Code Validation Analysis

Objective

Tools Reference

validate_security_controls(directory, file_patterns)

validate_threat_remediation(directory, file_patterns)

generate_remediation_report()

Status Update Tools

Remediation Statuses

Threat Statuses

Mitigation Statuses

What Code Validation Looks For

Workflow

Completion Criteria