threat-model-creator
Threat Model Creator - Auto-activating skill for Security Advanced. Triggers on: threat model creator, threat model creator Part of the Security Advanced skill category.
36
Quality
3%
Does it follow best practices?
Impact
99%
1.02xAverage score across 3 eval scenarios
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./planned-skills/generated/04-security-advanced/threat-model-creator/SKILL.mdQuality
Discovery
7%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This description is essentially a placeholder with no substantive content. It only states the skill name and category without explaining what the skill does, what actions it performs, or when it should be selected. The redundant trigger terms and lack of any capability description make this ineffective for skill selection.
Suggestions
Add specific actions the skill performs, e.g., 'Creates threat models using STRIDE methodology, identifies attack vectors, maps data flows, and generates security recommendations'
Add a 'Use when...' clause with natural trigger terms like 'threat model', 'security analysis', 'attack surface', 'risk assessment', 'STRIDE', 'security threats'
Remove the redundant trigger term and replace with varied natural language users would actually say when needing threat modeling assistance
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description only names the skill ('Threat Model Creator') without describing any concrete actions. There are no verbs indicating what the skill actually does - no mention of creating, analyzing, identifying threats, or any specific capabilities. | 1 / 3 |
Completeness | The description fails to answer 'what does this do' beyond the name itself, and provides no 'when should Claude use it' guidance. The 'Triggers on' line is just the skill name repeated, not meaningful trigger conditions. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'threat model creator' repeated twice, which is redundant. Missing natural variations users would say like 'security threats', 'risk assessment', 'attack vectors', 'STRIDE', or 'threat analysis'. | 1 / 3 |
Distinctiveness Conflict Risk | The term 'threat model' is somewhat specific to security domain, which provides some distinctiveness. However, without describing specific capabilities, it could overlap with other security-related skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill is essentially a placeholder with no substantive content. It describes what a threat modeling skill should do without providing any actual threat modeling guidance, methodologies (STRIDE, PASTA, etc.), templates, or executable examples. The entire content could be replaced with a single sentence and lose nothing of value.
Suggestions
Add concrete threat modeling methodology (e.g., STRIDE framework) with specific steps: 1. Identify assets, 2. Enumerate entry points, 3. Categorize threats by STRIDE categories, 4. Rate severity, 5. Define mitigations
Include a practical example showing threat model output format (e.g., a table with Asset, Threat, Category, Severity, Mitigation columns)
Provide executable templates or commands for common threat modeling tasks, such as generating a threat matrix or documenting attack surfaces
Reference specific frameworks or standards (OWASP Threat Modeling, Microsoft SDL) with links to detailed methodology files
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that provides no actual value. Phrases like 'provides automated assistance' and 'follows industry best practices' are vague filler that Claude doesn't need. | 1 / 3 |
Actionability | No concrete guidance, code, commands, or specific instructions are provided. The skill describes what it does in abstract terms but never shows how to actually create a threat model. | 1 / 3 |
Workflow Clarity | No workflow is defined. There are no steps, no process, no validation checkpoints - just vague claims about 'step-by-step guidance' without actually providing any steps. | 1 / 3 |
Progressive Disclosure | No structure beyond generic headings. No references to detailed materials, no examples, no links to frameworks or methodologies. The content is both shallow and poorly organized. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
994edc4
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.