Skills Guide

Threat Model Status

VerifiedSafe

Displays a comprehensive overview of the threat model state, including asset counts, threat distribution by severity, control verification status, and compliance coverage. Use it to check threat model status, get an overview of security posture, or review the current state.

Sby Skills Guide Bot
SecurityIntermediate
506/2/2026
Claude Code
#threat-model#status#security-audit#compliance

Recommended for

Claude CodeSecurity auditSecurity engineer

Our review

Displays a comprehensive threat model status including asset counts, threat distribution, control verification status, and compliance coverage.

Strengths

  • Quick overview of security posture
  • Clear prioritization of unmitigated threats
  • Tracks compliance gaps per framework
  • Baseline comparison to detect changes

Limitations

  • Requires a pre-populated threat model
  • Compliance data depends on configured frameworks
  • Does not provide automatic remediation actions
When to use it

When you need a quick summary of the threat model state for a review or report.

When not to use it

If you need deep analysis of a specific threat or want to modify the model directly.

Security analysis

Safe
Quality score92/100

This skill only reads and displays threat model status information using Read and Glob tools. No destructive, network, or obfuscated commands are used. No sensitive data exfiltration or system modification capabilities.

No concerns found

Examples

Full threat model status
/tm-status
Threat summary only
/tm-status --section threats
Status as JSON
/tm-status --format json

name: tm-status description: Show current threat model status including asset counts, threat distribution, control verification status, and compliance coverage. Use when checking threat model status, getting overview of security posture, or reviewing current state. allowed-tools: Read, Glob

Threat Model Status

Purpose

Display a comprehensive overview of the current threat model state:

  • Asset and component counts
  • Threat distribution by severity
  • Control verification status
  • Gap summary
  • Compliance coverage
  • Baseline comparison

Usage

/tm-status [--format text|json] [--section <name>]

Arguments:

  • --format: Output format (default: text)
  • --section: Show specific section only (discovery, threats, controls, compliance)

Status Sections

Discovery Summary

  • Total assets by type
  • Total data flows
  • Trust boundaries defined
  • Attack surface entries

Threat Summary

  • Total threats
  • Distribution by severity
  • Distribution by STRIDE category
  • Unmitigated threats count

Control Summary

  • Total required controls
  • Implemented vs partial vs missing
  • Verification status
  • Recent changes

Gap Summary

  • Total gaps
  • Distribution by severity
  • Top priority gaps

Compliance Summary

  • Coverage by framework
  • Critical compliance gaps

Baseline Comparison

  • Days since last baseline
  • Changes since baseline

Output Format

Text Output

═══════════════════════════════════════════════════════════════
                    THREAT MODEL STATUS
═══════════════════════════════════════════════════════════════

Project: My Application v1.0.0
Framework: STRIDE
Last Updated: 2025-01-20 14:30:00
Baseline: 2025-01-15 (5 days ago)

───────────────────────────────────────────────────────────────
                       DISCOVERY
───────────────────────────────────────────────────────────────

Assets: 14 total
  ├── Data Stores:    3  ████████████░░░░░░░░  21%
  ├── Services:       6  ████████████████████░  43%
  ├── Clients:        3  ████████████░░░░░░░░  21%
  └── Integrations:   2  ████████░░░░░░░░░░░░  14%

Data Flows: 22 total
  └── Crossing trust boundaries: 8 (36%)

Trust Boundaries: 5
  ├── Network:     2
  ├── Privilege:   2
  └── Environment: 1

Attack Surface: 12 entries
  ├── Public:     5  ████████████████░░░░  42%
  ├── Internal:   5  ████████████████░░░░  42%
  └── Restricted: 2  ██████░░░░░░░░░░░░░░  17%

───────────────────────────────────────────────────────────────
                        THREATS
───────────────────────────────────────────────────────────────

Total: 47 threats

By Severity:
  ├── Critical:  5  ██████░░░░░░░░░░░░░░  11%
  ├── High:     12  ████████████░░░░░░░░  26%
  ├── Medium:   18  ██████████████████░░  38%
  └── Low:      12  ████████████░░░░░░░░  26%

By STRIDE Category:
  ├── Spoofing:              8
  ├── Tampering:            10
  ├── Repudiation:           4
  ├── Information Disclosure: 9
  ├── Denial of Service:     7
  └── Elevation of Privilege: 9

Unmitigated Critical Threats: 3
  1. THREAT-001: Credential Stuffing (8.5)
  2. THREAT-002: SQL Injection (8.2)
  3. THREAT-003: JWT Token Theft (8.0)

───────────────────────────────────────────────────────────────
                       CONTROLS
───────────────────────────────────────────────────────────────

Total Required: 29

Implementation Status:
  ├── Implemented: 18  ████████████████████░  62%
  ├── Partial:      7  ████████░░░░░░░░░░░░  24%
  └── Missing:      4  █████░░░░░░░░░░░░░░░  14%

Verification Status:
  ├── Verified:   18  ████████████████████░  62%
  ├── Unverified:  7  ████████░░░░░░░░░░░░  24%
  └── Failed:      4  █████░░░░░░░░░░░░░░░  14%

───────────────────────────────────────────────────────────────
                         GAPS
───────────────────────────────────────────────────────────────

Total: 11 gaps

By Severity:
  ├── Critical: 2  ████░░░░░░░░░░░░░░░░  18%
  ├── High:     4  ████████░░░░░░░░░░░░  36%
  ├── Medium:   3  ██████░░░░░░░░░░░░░░  27%
  └── Low:      2  ████░░░░░░░░░░░░░░░░  18%

Top Priority Gaps:
  1. [CRITICAL] GAP-001: MFA not enforced
  2. [CRITICAL] GAP-002: SQL injection in legacy
  3. [HIGH] GAP-003: Rate limiting missing
  4. [HIGH] GAP-004: Session fixation

───────────────────────────────────────────────────────────────
                      COMPLIANCE
───────────────────────────────────────────────────────────────

OWASP Top 10 2021:
  Overall: 82%
  ├── A01 Access Control:    85%  █████████░░░
  ├── A02 Crypto Failures:  100%  ████████████
  ├── A03 Injection:         70%  ████████░░░░
  ├── A04 Insecure Design:   55%  ██████░░░░░░
  └── ...

SOC2:
  Overall: 88%
  ├── CC6.1 Access:          90%  ███████████░
  ├── CC6.2 Auth:            80%  ██████████░░
  └── ...

───────────────────────────────────────────────────────────────
                     RECOMMENDATIONS
───────────────────────────────────────────────────────────────

Immediate Actions:
  1. [CRITICAL] Implement MFA enforcement
  2. [CRITICAL] Fix SQL injection in legacy module
  3. [HIGH] Add rate limiting to password reset
  4. [HIGH] Fix session fixation vulnerability

───────────────────────────────────────────────────────────────
                      QUICK ACTIONS
───────────────────────────────────────────────────────────────

/tm-threats --focus asset-015    Analyze new assets
/tm-verify --thorough            Deep verification
/tm-report                       Generate full report
/tm-drift --create-baseline      Create new baseline

═══════════════════════════════════════════════════════════════

JSON Output

{
  "project": {
    "name": "My Application",
    "version": "1.0.0",
    "framework": "STRIDE",
    "last_updated": "2025-01-20T14:30:00Z"
  },
  "discovery": {
    "assets": {
      "total": 14,
      "by_type": {
        "data-store": 3,
        "service": 6,
        "client": 3,
        "integration": 2
      }
    },
    "dataflows": {
      "total": 22,
      "crossing_boundaries": 8
    },
    "trust_boundaries": 5,
    "attack_surface": {
      "total": 12,
      "by_exposure": {
        "public": 5,
        "internal": 5,
        "restricted": 2
      }
    }
  },
  "threats": {
    "total": 47,
    "by_severity": {
      "critical": 5,
      "high": 12,
      "medium": 18,
      "low": 12
    },
    "by_category": {
      "spoofing": 8,
      "tampering": 10,
      "repudiation": 4,
      "information-disclosure": 9,
      "denial-of-service": 7,
      "elevation-of-privilege": 9
    },
    "unmitigated_critical": 3
  },
  "controls": {
    "total": 29,
    "by_status": {
      "implemented": 18,
      "partial": 7,
      "missing": 4
    },
    "verification": {
      "verified": 18,
      "unverified": 7,
      "failed": 4
    }
  },
  "gaps": {
    "total": 11,
    "by_severity": {
      "critical": 2,
      "high": 4,
      "medium": 3,
      "low": 2
    }
  },
  "compliance": {
    "owasp": {
      "overall": 82,
      "gaps": 5
    },
    "soc2": {
      "overall": 88,
      "gaps": 3
    }
  },
  "baseline": {
    "date": "2025-01-15",
    "days_ago": 5,
    "changes_since": {
      "assets_added": 2,
      "threats_added": 5,
      "controls_changed": 2
    }
  }
}

Instructions for Claude

When executing this skill:

  1. Check for threat model:

    • Look for .threatmodel/ directory
    • If not found, report and suggest /tm-init

  2. Load all state files:

    • Read assets.json, dataflows.json, etc.
    • Read config.yaml for project info
    • Check for baseline files

  3. Calculate statistics:

    • Count items in each category
    • Calculate percentages
    • Identify top items

  4. Format output:

    • Use box drawing characters for text
    • Include progress bars for percentages
    • Highlight critical items

  5. Provide recommendations:

    • Based on current state
    • Suggest next actions

  6. Display status:

    [Display formatted status output as shown above]

Edge Cases

No Threat Model

═══════════════════════════════════════════════════════════════
                    THREAT MODEL STATUS
═══════════════════════════════════════════════════════════════

No threat model found in current directory.

───────────────────────────────────────────────────────────────
                     GETTING STARTED
───────────────────────────────────────────────────────────────

OPTION 1: Run everything at once (recommended)

  /tm-full --docs ./path/to/docs

OPTION 2: Run step by step

  1. /tm-init --docs ./path/to/docs    Initialize & discover assets
  2. /tm-threats                        Analyze threats (STRIDE)
  3. /tm-verify                         Check controls in code
  4. /tm-compliance --framework owasp   Map to compliance frameworks
  5. /tm-report                         Generate reports

───────────────────────────────────────────────────────────────
                     WHAT IS --docs?
───────────────────────────────────────────────────────────────

Point --docs to a folder containing your architecture documentation:

  - README.md with system overview
  - Architecture diagrams or descriptions
  - API specifications (OpenAPI, GraphQL schemas)
  - Infrastructure-as-code (Terraform, CloudFormation)
  - Database schemas
  - Any markdown files describing your system

Examples:
  /tm-init --docs ./docs
  /tm-init --docs ./architecture
  /tm-init --docs ./design

The toolkit will read these files to understand your system
and automatically discover assets, data flows, and trust boundaries.

═══════════════════════════════════════════════════════════════

Partial State

═══════════════════════════════════════════════════════════════
                    THREAT MODEL STATUS
═══════════════════════════════════════════════════════════════

Warning: Incomplete threat model

───────────────────────────────────────────────────────────────
                        COMPLETED
───────────────────────────────────────────────────────────────
  ✓ assets.json: 14 assets
  ✓ dataflows.json: 22 flows

───────────────────────────────────────────────────────────────
                      NOT YET RUN
───────────────────────────────────────────────────────────────
  ✗ threats.json     → Run /tm-threats
  ✗ controls.json    → Run /tm-verify
  ✗ compliance.json  → Run /tm-compliance

───────────────────────────────────────────────────────────────
                       NEXT STEP
───────────────────────────────────────────────────────────────

Run the next phase:
  /tm-threats

Or run everything remaining:
  /tm-full --continue

═══════════════════════════════════════════════════════════════
Related skills

Security Audit Scanner

Premium

Security

Analyzes code to detect OWASP Top 10 vulnerabilities.

Claude Codeadvanced
210
87
906
Admin

OWASP Security Checklist

Security

Generates application security checklists based on the OWASP Top 10.

claudeCursorWindsurfintermediate
148
41
440
Admin

Threat Model Generator

Security

Generates threat model documents with STRIDE analysis.

claudeCursoradvanced
78
23
289
Admin