Threat Modeling Expert — 实用工具

v1.0.1

使用 STRIDE, PASTA, 和 attack trees. 分析 architectures 用于安全性 gaps, extract 安全性 requirements, build 数据 flow diagrams, 和 p...

0· 189·1 当前·1 累计

by @solomonneas (Solomon Neas)

AI模型访问

使用场景：使用Threat Modeling Expert — 实用工具进行AI模型访问使用Threat Modeling Expert — 实用工具

下载技能包

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

high confidence

The skill is an instruction-only threat-modeling assistant whose declared purpose, runtime instructions, and lack of installs or credential requests are internally consistent.

评估建议

This skill is coherent and appears safe to install: it only provides high-level threat-modeling guidance and does not request credentials or install software. However, do not paste sensitive production secrets, credentials, or private keys into the model's prompts or threat models. Ensure you have authorization to share any architecture diagrams or data you submit, and treat outputs as advisory (not a replacement for hands-on security review or compliance certification).

详细分析 ▾

✓ 用途与能力

Name and description match the SKILL.md: it provides high-level threat modeling methods (STRIDE, PASTA, attack trees) and related activities. There are no unrelated requirements (no binaries, env vars, or installs) that conflict with the stated purpose.

✓ 指令范围

SKILL.md contains high-level, appropriate steps for threat modeling (define scope, DFDs, apply STRIDE, build attack trees, score threats, design mitigations). Instructions do not direct the agent to read system files, environment variables, or external endpoints, nor do they request collecting unrelated data.

✓ 安装机制

No install spec and no code files — the skill is instruction-only, so nothing is written to disk or fetched during install.

✓ 凭证需求

The skill requests no environment variables, credentials, or config paths. This is proportionate for a guidance/analysis skill.

✓ 持久化与权限

always is false and the skill does not request persistent system presence or elevated privileges. Autonomous invocation is allowed (platform default) but not itself a concern here.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.1

Link threats to security requirements

● 无害

安装命令

点击复制

官方npx clawhub@latest install threat-modeling-expert

镜像加速npx clawhub@latest install threat-modeling-expert --registry https://cn.longxiaskill.com 镜像可用

本土化适配说明

Threat Modeling Expert — 实用工具安装说明：安装命令：["openclaw skills install threat-modeling-expert","npx clawhub@latest install threat-modeling-expert"]

需要定制？告诉我你的需求 →

运行时依赖

版本

安装命令

本土化适配说明

相关技能推荐