Skills Guide

Attack Tree Construction

VerifiedSafe

Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.

Sby Skills Guide Bot
SecurityIntermediate
606/2/2026
Claude Code
#attack-tree#threat-modeling#security-analysis#risk-assessment#visualization

Recommended for

Claude CodeSecurity auditSecurity engineer

Our review

Build comprehensive attack trees to visualize threat paths and analyze security risks.

Strengths

  • Systematic visualization of complex attack scenarios.
  • Clear identification of defense gaps and priorities.
  • Effective communication of risks to stakeholders.
  • AND/OR structuring to model attack dependencies.

Limitations

  • Requires authorization and defined scope to use legally.
  • Can become very complex for large systems without supporting tools.
  • Does not replace a thorough risk analysis or penetration test.
When to use it

Use this skill when you need to visualize complex attack scenarios, identify defense gaps, or communicate security risks to stakeholders.

When not to use it

Do not use this skill if you lack authorization or a defined scope to model the system, or if the task is a general risk review without attack-path modeling.

Security analysis

Safe
Quality score85/100

The skill is purely analytical; it describes constructing attack trees without any executable commands, system modifications, or data exfiltration. No security risk.

No concerns found

Examples

Web application attack tree
Construct an attack tree for a web application to visualize potential threats, identify defense gaps, and prioritize mitigations.
Cloud infrastructure attack tree
Create an attack tree for a cloud infrastructure, identifying critical attack paths, annotating leaves with cost and skill, and recommending mitigations.
Authentication system attack tree
Develop an attack tree for the authentication system of our mobile app, using AND/OR decomposition, and map existing mitigations per branch.

name: attack-tree-construction description: Build comprehensive attack trees to visualize threat paths. Use when mapping attack scenarios, identifying defense gaps, or communicating security risks to stakeholders.

Attack Tree Construction

Systematic attack path visualization and analysis.

Use this skill when

  • Visualizing complex attack scenarios
  • Identifying defense gaps and priorities
  • Communicating risks to stakeholders
  • Planning defensive investments or test scopes

Do not use this skill when

  • You lack authorization or a defined scope to model the system
  • The task is a general risk review without attack-path modeling
  • The request is unrelated to security assessment or design

Instructions

  • Confirm scope, assets, and the attacker goal for the root node.
  • Decompose into sub-goals with AND/OR structure.
  • Annotate leaves with cost, skill, time, and detectability.
  • Map mitigations per branch and prioritize high-impact paths.
  • If detailed templates are required, open resources/implementation-playbook.md.

Safety

  • Share attack trees only with authorized stakeholders.
  • Avoid including sensitive exploit details unless required.

Resources

  • resources/implementation-playbook.md for detailed patterns, templates, and examples.
Related skills

Security Audit Scanner

Premium

Security

Analyzes code to detect OWASP Top 10 vulnerabilities.

Claude Codeadvanced
210
87
906
Admin

OWASP Security Checklist

Security

Generates application security checklists based on the OWASP Top 10.

claudeCursorWindsurfintermediate
148
41
440
Admin

Threat Model Generator

Security

Generates threat model documents with STRIDE analysis.

claudeCursoradvanced
78
23
289
Admin