一键在 Manus 中运行任何 Skill

threat-model

星标1

分支0

更新时间2026年6月15日 11:45

Generate a STRIDE-based threat model from codebase and architecture analysis. Identifies assets, trust boundaries, data flows, threats, and mitigations. Language-agnostic.

安装

用 Codex 或 Claude 帮你安装复制这段 Prompt，粘贴到 Codex、Claude 或其他助手里，让它检查 Skill 页面并帮你完成安装。

在 Manus 中运行

来源

abhiunix

abhiunix/community-registry

打开 GitHub 仓库查看创作者相关仓库

下载

在 Manus 中运行

Threat Model Generator

When asked to create a threat model, analyze the codebase and generate a structured threat model using the STRIDE methodology.

Step 1: System Discovery

Map the system by examining the codebase:

Entry points: API routes, web handlers, CLI commands, message consumers, cron jobs
Data stores: Databases, caches, file systems, object storage, message queues
External services: Third-party APIs, OAuth providers, payment gateways, email services
Authentication mechanisms: How users prove identity (JWT, sessions, API keys, OAuth)
User roles: Admin, regular user, anonymous, service accounts, internal services
Deployment: Docker, k8s, cloud services (check Dockerfile, docker-compose, terraform, CI configs)

Step 2: Identify Assets

List what an attacker would want:

Data assets: User PII, credentials, payment data, business data, API keys, session tokens
System assets: Server access, database access, admin panels, CI/CD pipelines
Reputation assets: Brand trust, user confidence, compliance status

For each asset, note:

Where it's stored
How it's transmitted
Who has access
What protection exists

Step 3: Map Trust Boundaries

Identify where trust levels change:

External → Application: User browsers/clients to your API
Application → Database: App server to data stores
Application → External Service: Your app to third-party APIs
Public → Authenticated: Before and after login
User → Admin: Regular user context vs admin context
Service → Service: Internal microservice communication
CI/CD → Production: Build pipeline to deployment

Step 4: STRIDE Analysis

For each trust boundary and data flow, analyze threats using STRIDE:

S — Spoofing (Identity)

Can an attacker pretend to be someone else?

Check: authentication strength, token forgery, session hijacking, credential stuffing
Look for: weak JWT validation, missing auth middleware, shared API keys

T — Tampering (Data Integrity)

Can an attacker modify data they shouldn't?

Check: input validation, mass assignment, unsigned data, SQL injection
Look for: unprotected API fields, missing CSRF tokens, unsigned cookies

R — Repudiation (Accountability)

Can an attacker deny their actions?

Check: audit logging, log integrity, transaction records
Look for: missing security event logging, no request correlation IDs, deletable logs

I — Information Disclosure

Can an attacker access data they shouldn't see?

Check: error messages, verbose logging, debug endpoints, directory listing, IDOR
Look for: stack traces in responses, PII in logs, exposed internal endpoints

D — Denial of Service

Can an attacker make the system unavailable?

Check: rate limiting, resource limits, input size limits, query complexity
Look for: unbounded queries, missing rate limits, no pagination, no request timeouts

E — Elevation of Privilege

Can an attacker gain higher access than intended?

Check: authorization checks, role validation, admin endpoint protection
Look for: missing authz middleware, IDOR, mass assignment of role fields, path traversal

Step 5: Risk Rating

Rate each threat using:

Factor	Low (1)	Medium (2)	High (3)
Likelihood	Requires internal access + deep knowledge	Requires some skill or access	Exploitable by anyone with basic tools
Impact	Minor inconvenience	Data loss or partial compromise	Full system compromise or major data breach

Risk = Likelihood x Impact

1-2: Low risk
3-4: Medium risk
6: High risk
9: Critical risk

Output Format

## Threat Model: [Application Name]

### 1. System Overview
Brief description of what the system does and its architecture.

### 2. Assets
| Asset | Location | Sensitivity | Current Protection |
|-------|----------|-------------|-------------------|
| User passwords | PostgreSQL users table | Critical | bcrypt hashed |
| ... | ... | ... | ... |

### 3. Trust Boundaries
- [Boundary 1]: Description and what crosses it
- [Boundary 2]: ...

### 4. Threats

#### [T-001] Threat title
- **STRIDE Category:** Spoofing / Tampering / Repudiation / Info Disclosure / DoS / Elevation
- **Trust Boundary:** Where this threat applies
- **Attack Scenario:** How an attacker would exploit this
- **Likelihood:** Low / Medium / High
- **Impact:** Low / Medium / High
- **Risk:** Low / Medium / High / Critical
- **Existing Mitigations:** What's already in place
- **Recommended Mitigations:** What should be added
- **Priority:** Fix now / Next sprint / Backlog

### 5. Data Flow Diagram (Text)
Describe the main data flows in text form:
  User → [HTTPS] → Load Balancer → [HTTP] → App Server → [TLS] → Database

### 6. Recommendations Summary
Ordered by priority:
1. Critical: ...
2. High: ...
3. Medium: ...

Rules

Base the model on actual code, not assumptions — read the codebase
Focus on realistic threats, not theoretical edge cases
If you can't determine something from the code, ask the user
Keep the model proportional to the system size — a small CRUD app doesn't need 50 threats
Call out what the project does well — good security decisions should be acknowledged
Prioritize actionable mitigations over theoretical concerns
If architecture diagrams or docs exist in the repo, reference them

同仓库更多 Skills

同仓库

humanizer

abhiunix/community-registry

Remove signs of AI-generated writing from text. Use when editing or reviewing text to make it sound more natural and human-written. Based on Wikipedia's comprehensive "Signs of AI writing" guide. Detects and fixes patterns including: inflated symbolism, promotional language, superficial -ing analyses, vague attributions, em dash overuse, rule of three, AI vocabulary words, negative parallelisms, and excessive conjunctive phrases.

2026-06-151

api-endpoint-scaffolder

abhiunix/community-registry

Scaffolds REST API endpoints with route handler, validation, error handling, and tests. Use when asked to create a new API endpoint or route.

2026-06-151

git-commit-reviewer

abhiunix/community-registry

Reviews staged git changes and provides feedback on code quality, potential bugs, and security issues before committing. Use when asked to review changes or before creating a commit.

2026-06-151

react-component-generator

abhiunix/community-registry

Generates production-ready React components with TypeScript, Tailwind CSS, proper accessibility, and test scaffolding. Use when asked to create a new React component.

2026-06-151

skill-creator

abhiunix/community-registry

Create, edit, improve, or audit AgentSkills. Use when creating a new skill from scratch or when asked to improve, review, audit, tidy up, or clean up an existing skill or SKILL.md file. Also use when editing or restructuring a skill directory (moving files to references/ or scripts/, removing stale content, validating against the AgentSkills spec). Triggers on phrases like "create a skill", "author a skill", "tidy up a skill", "improve this skill", "review the skill", "clean up the skill", "audit the skill".

2026-06-151

secure-code-review

abhiunix/community-registry

Security-focused code review for staged changes or specified files. Checks for injection, auth flaws, crypto misuse, data exposure, and insecure patterns. Works with any language.

2026-06-151

name	threat-model
description	Generate a STRIDE-based threat model from codebase and architecture analysis. Identifies assets, trust boundaries, data flows, threats, and mitigations. Language-agnostic.
license	MIT
allowed-tools	["Read","Glob","Grep","Bash","AskUserQuestion"]

Threat Model Generator

When asked to create a threat model, analyze the codebase and generate a structured threat model using the STRIDE methodology.

Step 1: System Discovery

Map the system by examining the codebase:

Entry points: API routes, web handlers, CLI commands, message consumers, cron jobs
Data stores: Databases, caches, file systems, object storage, message queues
External services: Third-party APIs, OAuth providers, payment gateways, email services
Authentication mechanisms: How users prove identity (JWT, sessions, API keys, OAuth)
User roles: Admin, regular user, anonymous, service accounts, internal services
Deployment: Docker, k8s, cloud services (check Dockerfile, docker-compose, terraform, CI configs)

Step 2: Identify Assets

List what an attacker would want:

Data assets: User PII, credentials, payment data, business data, API keys, session tokens
System assets: Server access, database access, admin panels, CI/CD pipelines
Reputation assets: Brand trust, user confidence, compliance status

For each asset, note:

Where it's stored
How it's transmitted
Who has access
What protection exists

Step 3: Map Trust Boundaries

Identify where trust levels change:

External → Application: User browsers/clients to your API
Application → Database: App server to data stores
Application → External Service: Your app to third-party APIs
Public → Authenticated: Before and after login
User → Admin: Regular user context vs admin context
Service → Service: Internal microservice communication
CI/CD → Production: Build pipeline to deployment

Step 4: STRIDE Analysis

For each trust boundary and data flow, analyze threats using STRIDE:

S — Spoofing (Identity)

Can an attacker pretend to be someone else?

Check: authentication strength, token forgery, session hijacking, credential stuffing
Look for: weak JWT validation, missing auth middleware, shared API keys

T — Tampering (Data Integrity)

Can an attacker modify data they shouldn't?

Check: input validation, mass assignment, unsigned data, SQL injection
Look for: unprotected API fields, missing CSRF tokens, unsigned cookies

R — Repudiation (Accountability)

Can an attacker deny their actions?

Check: audit logging, log integrity, transaction records
Look for: missing security event logging, no request correlation IDs, deletable logs

I — Information Disclosure

Can an attacker access data they shouldn't see?

Check: error messages, verbose logging, debug endpoints, directory listing, IDOR
Look for: stack traces in responses, PII in logs, exposed internal endpoints

D — Denial of Service

Can an attacker make the system unavailable?

Check: rate limiting, resource limits, input size limits, query complexity
Look for: unbounded queries, missing rate limits, no pagination, no request timeouts

E — Elevation of Privilege

Can an attacker gain higher access than intended?

Check: authorization checks, role validation, admin endpoint protection
Look for: missing authz middleware, IDOR, mass assignment of role fields, path traversal

Step 5: Risk Rating

Rate each threat using:

Factor	Low (1)	Medium (2)	High (3)
Likelihood	Requires internal access + deep knowledge	Requires some skill or access	Exploitable by anyone with basic tools
Impact	Minor inconvenience	Data loss or partial compromise	Full system compromise or major data breach

Risk = Likelihood x Impact

1-2: Low risk
3-4: Medium risk
6: High risk
9: Critical risk

Output Format

## Threat Model: [Application Name]

### 1. System Overview
Brief description of what the system does and its architecture.

### 2. Assets
| Asset | Location | Sensitivity | Current Protection |
|-------|----------|-------------|-------------------|
| User passwords | PostgreSQL users table | Critical | bcrypt hashed |
| ... | ... | ... | ... |

### 3. Trust Boundaries
- [Boundary 1]: Description and what crosses it
- [Boundary 2]: ...

### 4. Threats

#### [T-001] Threat title
- **STRIDE Category:** Spoofing / Tampering / Repudiation / Info Disclosure / DoS / Elevation
- **Trust Boundary:** Where this threat applies
- **Attack Scenario:** How an attacker would exploit this
- **Likelihood:** Low / Medium / High
- **Impact:** Low / Medium / High
- **Risk:** Low / Medium / High / Critical
- **Existing Mitigations:** What's already in place
- **Recommended Mitigations:** What should be added
- **Priority:** Fix now / Next sprint / Backlog

### 5. Data Flow Diagram (Text)
Describe the main data flows in text form:
  User → [HTTPS] → Load Balancer → [HTTP] → App Server → [TLS] → Database

### 6. Recommendations Summary
Ordered by priority:
1. Critical: ...
2. High: ...
3. Medium: ...

Rules

Base the model on actual code, not assumptions — read the codebase
Focus on realistic threats, not theoretical edge cases
If you can't determine something from the code, ask the user
Keep the model proportional to the system size — a small CRUD app doesn't need 50 threats
Call out what the project does well — good security decisions should be acknowledged
Prioritize actionable mitigations over theoretical concerns
If architecture diagrams or docs exist in the repo, reference them