threat-model-creator

Threat Model Creator - Auto-activating skill for Security Advanced. Triggers on: threat model creator, threat model creator Part of the Security Advanced skill category.

1.02x

Quality

Does it follow best practices?

Impact

99%

1.02x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/threat-model-creator/SKILL.md

Evaluation results

98%

Authentication System Security Review

Structured threat modeling methodology

Criteria

Without context

With context

Named methodology

100%

Threat categories covered

100%

Step-by-step structure

80%

Attack scenario descriptions

100%

Risk rating

100%

Trust boundaries identified

100%

Standards reference

80%

100%

Mitigations file present

100%

Authentication-specific threats

100%

Component coverage

100%

Without context: $0.3429 · 2m 41s · 13 turns · 14 in / 7,723 out tokens

With context: $0.6408 · 3m 58s · 25 turns · 283 in / 11,687 out tokens

100%

Customer Data Platform — Compliance Security Assessment

Compliance-aligned threat model with standards validation

Criteria

Without context

With context

SOC2 criteria referenced

100%

GDPR articles referenced

100%

Compliance mapping file produced

100%

PHI/PII threat coverage

100%

Cloud component threats

100%

Third-party integration risks

100%

Industry framework referenced

100%

Structured methodology applied

50%

100%

Risk prioritization present

100%

Mitigation recommendations

100%

No placeholder content

100%

Without context: $0.3892 · 2m 55s · 12 turns · 13 in / 9,396 out tokens

With context: $0.7683 · 4m 40s · 23 turns · 104 in / 15,770 out tokens

100%

API Gateway Security Hardening

Production-ready security configurations from threat model

Criteria

Without context

With context

Config files produced

100%

Configs are non-trivial

100%

Named security standard

100%

Step-by-step structure

90%

100%

Auth/OAuth threats covered

100%

API-specific threats covered

100%

NGINX config present

100%

Risk severity ratings

100%

Configs match threats

100%

Methodology applied

100%

Without context: $0.8326 · 4m 44s · 26 turns · 27 in / 17,015 out tokens

With context: $0.8464 · 4m 28s · 29 turns · 29 in / 16,097 out tokens

Repository: jeremylongshore/claude-code-plugins-plus-skills
Commit: 994edc4

Evaluated: 18 days ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Authentication System Security Review Customer Data Platform — Compliance Security Assessment API Gateway Security Hardening

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.