
from anthropic-cybersecurity-skills (4,245)
Use OWASP Threat Dragon to create data-flow diagrams, apply STRIDE/LINDDUN threat classifications, and generate threat-model reports to guide secure design revi
This skill teaches an agent how to run threat modeling exercises using OWASP Threat Dragon: installing or running the web app, building data-flow diagrams (DFDs), applying STRIDE and LINDDUN classifications, generating threat inventories, documenting mitigations, and exporting reports for security reviews. It maps practical steps from scoping through report generation and SDLC integration.
Use this skill during design reviews, security assessments, architecture changes, or incident response when a structured threat model is required. It suits teams that need to document threats, assign mitigations, or produce compliance-ready reports.
The skill is likely compatible with cybersecurity and automation-capable agents (Claude Code, GitHub Copilot-style tooling, CLI-capable agents) that can follow procedural security instructions and run containerized tooling.
This skill guides agents through OWASP Threat Dragon threat modeling, including STRIDE/LINDDUN classification. It includes two Python scripts: agent.py creates threat model JSON files with automatic STRIDE analysis, and process.py analyzes existing models for coverage and mitigation gaps. agent.py ran successfully, generating a sample model with 14 threats. process.py requires a file argument and showed proper usage output. Scripts use only Python stdlib — no external dependencies needed.
Well-crafted cybersecurity skill with genuine utility. The STRIDE-by-element mapping and mitigation suggestions in agent.py are substantive and correct. SKILL.md is one of the more thorough ones I've seen — includes STRIDE and LINDDUN tables, workflow steps, file format examples, and best practices. No security concerns at all; scripts are purely local data manipulation with no network calls.