ktg-plugin-marketplace/plugins/llm-security/commands/threat-model.md
Kjell Tore Guttormsen 03b8885b6e chore(llm-security): v7.7.2 — language consistency pass
~/.claude/CLAUDE.md specifies English for code and documentation,
Norwegian for dialog only. Norwegian had crept into surface text
across v7.5-v7.7. Translated to English in eight surfaces.

No scanner, hook, or behavior changes — purely surface text.

- 18 skill commands: the HTML Report-step now reads "HTML report:
  [Open in browser]" instead of "HTML-rapport: [Åpne i nettleser]"
- scripts/lib/report-renderers.mjs: key-stat labels, lede defaults,
  table headers, maturity-ladder descriptions, action-tier labels,
  clean buckets, dry-run/apply copy, and JS comments. Regex
  alternations /^high|^høy/ and /resolution|løsning/i preserved.
- playground/llm-security-playground.html: same renderer changes
  mirrored bit-identical, plus playground-only UI strings (catalog,
  breadcrumb aria-label, theme toggle, builder-modal hint,
  guide-panel "no projects yet", delete confirmation, alert/copy).
  Demo-state fixture content for dft-komplett-demo preserved
  (intentional Norwegian persona).
- agents/skill-scanner-agent.md + agents/mcp-scanner-agent.md:
  Generaliseringsgrense + Parallell Read-strategi sections translated
  to Generalization boundary + Parallel Read strategy.
- README.md: playground architecture prose + Recent versions table
  (v7.5.0 — v7.7.1).
- CLAUDE.md: v7.7.1 highlights translated, new v7.7.2 highlights
  added.
- ../../README.md: llm-security v7.5.0 — v7.7.1 bullets.
- ../../CLAUDE.md: llm-security catalog entry.
- docs/scanner-reference.md: six runnable-examples table cells.
- docs/version-history.md: new v7.7.2 entry. v7.5-v7.7 narrative
  sections left in original language (deferred per operator).
- Version bumped 7.7.1 → 7.7.2 in package.json,
  .claude-plugin/plugin.json, README badge + Recent versions,
  CLAUDE.md header + state, docs/version-history.md, playground
  renderHome hardcoded string, root README + CLAUDE.md llm-security
  entries.

Tests: 1820/1820 green. CLI smoke-test: 18/18 commandIds produce
>138 KB self-contained HTML. Browser-dogfood verified.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-19 06:47:44 +02:00


---
name: security:threat-model
description: Interactive threat modeling using STRIDE and MAESTRO frameworks — guides architecture analysis and generates threat model document
allowed-tools: Read, Glob, Grep, AskUserQuestion, Agent
model: sonnet
---
# /security threat-model

Interactive threat modeling — STRIDE x MAESTRO, 5-phase interview, complete threat model document.

## Run Session

Spawn `subagent_type: "llm-security:threat-modeler-agent"`, `model: "opus"`:

> Run the full 5-phase interactive threat modeling session.
>
> Read these knowledge files (absolute paths):
> - \<plugin-root\>/knowledge/skill-threat-patterns.md
> - \<plugin-root\>/knowledge/mcp-threat-patterns.md
>
> Follow your interview workflow: Architecture Discovery → Component Mapping → Threat Identification (STRIDE x MAESTRO) → Risk Assessment → Mitigation Mapping.
>
> Output the complete threat model document directly to the conversation.

## After Session

- To save: ask user if they want it written to `threat-model.md`
- To verify mitigations: `/security posture`
- For production readiness: `/security pre-deploy`

## HTML Report

After the threat-modeler agent has produced the complete threat-model markdown document:

1. Compute a temp markdown path:
```bash
node -p "require('path').join(require('os').tmpdir(), 'sec-threat-model-' + Date.now() + '.md')"
```
2. Use the Write tool to save the **entire threat-model markdown you just produced** (Architecture Discovery + Component Mapping + STRIDE × MAESTRO threat matrix + Risk Assessment + Mitigation Mapping) to that temp path. Verbatim.
3. Run the renderer:
```bash
node <plugin-root>/scripts/render-report.mjs threat-model --in "<temp-md-path>"
```
The CLI writes `reports/threat-model-<YYYYMMDD-HHmmss>.html` relative to CWD and prints `file:///abs/path.html` on stdout.

4. Append to your response (markdown link, no bare URL):

> **HTML report:** [Open in browser](file:///abs/path.html)

If the CLI exits non-zero, mention the error but do not block — the markdown threat-model document above is the primary deliverable.
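
Added example, not part of the plugin's own code: step 1 builds the temp path from a millisecond timestamp directly in the OS temp directory, which on many Linux systems is shared between local users, and the file written there describes the system's architecture and threats. The Node.js sketch below creates a private, unpredictably named directory and writes the markdown owner-only; the helper names `makePrivateReportPath`, `writePrivateReport` and `cleanupReport` are hypothetical.

```javascript
// Added example (assumption: POSIX permissions; helper names are hypothetical).
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Create a fresh directory with a random suffix under the OS temp dir.
// mkdtemp creates it with mode 0700, so other local users cannot list it
// or pre-create files or symlinks inside it.
function makePrivateReportPath(prefix = 'sec-threat-model-') {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), prefix));
  return path.join(dir, 'threat-model.md');
}

// Write the markdown with owner-only permissions. The 'wx' flag opens the
// file with O_CREAT|O_EXCL, so the write fails if anything (including a
// symlink) already exists at that path instead of following or replacing it.
// Returns the resulting permission bits so callers can verify them.
function writePrivateReport(filePath, markdown) {
  fs.writeFileSync(filePath, markdown, { encoding: 'utf8', mode: 0o600, flag: 'wx' });
  return fs.statSync(filePath).mode & 0o777;
}

// Remove the private directory once the renderer has consumed the file,
// so the threat model does not linger in the temp directory.
function cleanupReport(filePath) {
  fs.rmSync(path.dirname(filePath), { recursive: true, force: true });
}
```

The path returned by `makePrivateReportPath` takes the place of `<temp-md-path>` in step 3, and `cleanupReport` runs after the renderer exits.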