首页 / 技能 / S³ Threat Modeling — 实用工具

📦 S³ Threat Modeling — 实用工具

v1.0.0

安全性 architecture review, 和 risk assessment. Masters STRIDE, PASTA, attack trees, 和 安全性 requirement ext...

0· 161·0 当前·0 累计
solomonneas 头像by @solomonneas (Solomon Neas)
安全AI模型访问开发工具
下载技能包
0
安全扫描
VirusTotal
无害
查看报告
OpenClaw
安全
high confidence
The skill's instructions, requirements, and stated purpose are consistent: it's an instruction-only threat-modeling expert with no installs, credentials, or out-of-scope actions requested.
评估建议
This skill is coherent and low-risk: it only provides guidance for threat modeling and asks users to supply architecture/context. Before using it, don't paste secrets, private keys, or full production configs—redact sensitive details. Verify you have authorization to share any internal architecture. Because the skill's publisher and homepage are not provided, prefer using it for general guidance or in non-sensitive reviews until you can confirm provenance or use an internal security reviewer for...
详细分析 ▾
用途与能力
Name/description (threat modeling, STRIDE, PASTA, attack trees) match the SKILL.md steps and capabilities. The skill does not request unrelated binaries, credentials, or config paths. Minor provenance note: source/homepage are missing, so author identity is unknown but this does not make the content incoherent.
指令范围
SKILL.md contains high-level, well-scoped threat-modeling steps (define scope, DFDs, STRIDE, attack trees, score/prioritize, mitigations). It does not instruct the agent to read system files, environment variables, or send data to external endpoints. It naturally expects the user to provide architecture info, which is appropriate for its purpose.
安装机制
No install spec and no code files (instruction-only). This is the lowest-risk model — nothing will be written to disk or auto-installed by the skill.
凭证需求
No environment variables, credentials, or config paths are required. The absence of secrets is proportionate to an advisory/expert skill.
持久化与权限
always is false and the skill is user-invocable. It can be invoked autonomously (platform default) but it does not request elevated or persistent privileges or attempt to modify other skills or system settings.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.0

Link threats to security requirements

无害

安装命令

点击复制
官方npx clawhub@latest install s3-threat-modeling
镜像加速npx clawhub@latest install s3-threat-modeling --registry https://cn.longxiaskill.com
数据来源ClawHub ↗ · 中文优化:龙虾技能库