threat-model-creator
Threat Model Creator - Auto-activating skill for Security Advanced. Triggers on: threat model creator, threat model creator Part of the Security Advanced skill category.
Install with Tessl CLI
npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill threat-model-creatorOverall
score
19%
Does it follow best practices?
Validation for skill structure
Activation
7%This description is severely underdeveloped, consisting primarily of metadata rather than actionable content. It fails to explain what threat modeling capabilities the skill provides, lacks natural trigger terms users would actually say, and provides no guidance on when Claude should select this skill. The description appears to be a placeholder or auto-generated stub.
Suggestions
Add specific concrete actions the skill performs, e.g., 'Identifies attack vectors, analyzes system vulnerabilities, creates STRIDE-based threat assessments, generates threat matrices and mitigation recommendations.'
Include a 'Use when...' clause with natural trigger terms like 'security analysis', 'identify threats', 'attack surface', 'vulnerability assessment', 'risk analysis', 'STRIDE', 'security review'.
Remove the redundant duplicate trigger term and expand with variations users would naturally say when requesting threat modeling assistance.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description contains no concrete actions - only the name 'Threat Model Creator' and category information. It doesn't describe what the skill actually does (e.g., identify attack vectors, assess vulnerabilities, generate threat matrices). | 1 / 3 |
Completeness | The description fails to answer both 'what does this do' and 'when should Claude use it'. There's no explanation of capabilities and no explicit 'Use when...' clause with trigger guidance. | 1 / 3 |
Trigger Term Quality | The only trigger terms listed are 'threat model creator' repeated twice, which is redundant and unlikely to match natural user language. Missing common variations like 'security threats', 'attack surface', 'risk assessment', 'STRIDE', etc. | 1 / 3 |
Distinctiveness Conflict Risk | The term 'threat model' is somewhat specific to security domain, but 'Security Advanced' is vague and could overlap with other security-related skills. Without concrete actions, it's unclear how this differs from other security skills. | 2 / 3 |
Total | 5 / 12 Passed |
Implementation
0%This skill content is essentially a placeholder template with no substantive guidance on threat modeling. It contains only generic marketing-style language about capabilities without any actual instructions, methodologies, frameworks, or examples that would help Claude perform threat modeling tasks.
Suggestions
Add concrete threat modeling methodology (e.g., STRIDE, PASTA, or attack trees) with step-by-step instructions for each phase
Include executable examples showing how to document threats, such as a template for threat entries with asset, threat actor, attack vector, impact, and mitigations
Provide specific output formats (e.g., threat matrix template, data flow diagram conventions) that Claude should generate
Add validation checkpoints for reviewing threat model completeness and accuracy
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is padded with generic boilerplate that provides no actual value. Phrases like 'provides automated assistance' and 'follows industry best practices' are vague filler that Claude doesn't need. | 1 / 3 |
Actionability | No concrete guidance, code, commands, or specific instructions are provided. The skill describes what it does in abstract terms but never shows how to actually create a threat model. | 1 / 3 |
Workflow Clarity | No workflow is defined. Despite claiming to provide 'step-by-step guidance,' no actual steps, processes, or validation checkpoints are included. | 1 / 3 |
Progressive Disclosure | The content is a monolithic block of generic text with no structure pointing to detailed materials, examples, or references. No useful organization for discovery. | 1 / 3 |
Total | 4 / 12 Passed |
Validation
69%Validation — 11 / 16 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
description_trigger_hint | Description may be missing an explicit 'when to use' trigger hint (e.g., 'Use when...') | Warning |
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
metadata_version | 'metadata' field is not a dictionary | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
body_steps | No step-by-step structure detected (no ordered list); consider adding a simple workflow | Warning |
Total | 11 / 16 Passed | |
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.