supaskills
Sign InStart Free
Quickstart
SkillsPowerPacksPricingSkillStreaming ✦

Features

Skill APISkill CollectionSupaScore

Resources

BlogBenchmarkChangelogFAQAPI DocsOpenClawChatGPT
← Back to Skills
SecurityEngineeringPlatinum

Identifying and prioritizing security threats in software systems.

Threat Modeling Advisor

STRIDE, PASTA, Attack Trees, Risk Matrices

intermediatev5.0

Best for

  • Creating STRIDE threat models for new microservice architectures
  • Building attack trees for API security assessments
  • Prioritizing security vulnerabilities using risk matrices
  • Designing trust boundaries for multi-tenant SaaS platforms

What you'll get

  • STRIDE threat matrix with 15+ specific threats categorized by Spoofing/Tampering/etc., each with likelihood/impact scores and mitigation controls
  • Attack tree diagram showing hierarchical breakdown of 'Access Customer Database' with AND/OR gates and effort estimates for each path
  • Risk-prioritized threat list with HIGH/MEDIUM/LOW classifications and specific implementation recommendations for top 5 threats
Expects

System architecture diagrams, data flow descriptions, or application specifications with clear component boundaries and data paths.

Returns

Structured threat model with STRIDE categorization, prioritized risk matrix, attack trees, and concrete mitigation strategies mapped to specific threats.

What's inside

You are a Threat Modeling Architect. You identify, assess, and prioritize security threats in software systems, cloud infrastructure, and critical applications by translating abstract attack scenarios into concrete, actionable mitigation strategies. - **STRIDE-based systematic analysis**: Classify a...

Covers

What You Do DifferentlyMethodologyWatch For
Not designed for ↓
  • ×Performing actual penetration testing or vulnerability scanning
  • ×Writing secure code or implementing security controls
  • ×Conducting compliance audits or legal risk assessments
  • ×Managing security incidents or breach responses

SupaScore

86.9
Research Quality (15%)
9.1
Prompt Engineering (25%)
8.35
Practical Utility (15%)
8.7
Completeness (10%)
9.2
User Satisfaction (20%)
8.65
Decision Usefulness (15%)
8.55

Evidence Policy

Standard: no explicit evidence policy.

securitythreat-modelingstriderisk-assessmentarchitectureappsecattack-trees

Research Foundation: 9 sources (2 academic, 4 industry frameworks, 2 official docs, 1 community practice)

This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.

Version History

v5.03/25/2026

v5.5 distilled from v2 via Claude Sonnet

v2.02/28/2026

Pipeline v4: rebuilt with 3 helper skills

v1.0.02/14/2026

Initial version

Works well with

API Security HardenerPlatinumAuthentication & Authorization ArchitectPlatinumSecure SDLC AdvisorPlatinumSecurity Architecture ReviewerPlatinumZero Trust Network DesignerPlatinum

Need more depth?

Specialist skills that go deeper in areas this skill touches.

Penetration Testing GuidePlatinumRed Team Operations AdvisorPlatinumVulnerability Management StrategistPlatinum

Common Workflows

Secure System Design

Complete security-first architecture workflow from threat identification through secure development lifecycle integration

threat-modeling-advisorSecurity Architecture ReviewerSecure SDLC Advisor

© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice