name: threat-modeler description: 使用STRIDE、PASTA或VAST方法生成威胁模型 allowed-tools:
- Bash
- Read
- Write
- Glob
威胁建模技能
概述
使用STRIDE、PASTA或VAST方法生成威胁模型,包括攻击树生成、数据流图分析和基于DREAD的威胁优先级排序。
能力
- 生成STRIDE威胁模型
- 支持PASTA方法
- 支持VAST方法
- 攻击树生成
- 数据流图分析
- 威胁优先级排序(DREAD)
- Microsoft威胁建模工具集成
- 缓解建议
目标流程
- 安全架构审查
- API设计规范
输入模式
{
"type": "object",
"required": ["system"],
"properties": {
"system": {
"type": "object",
"properties": {
"name": { "type": "string" },
"description": { "type": "string" },
"dataFlows": { "type": "array" },
"assets": { "type": "array" },
"trustBoundaries": { "type": "array" },
"externalEntities": { "type": "array" }
}
},
"methodology": {
"type": "string",
"enum": ["STRIDE", "PASTA", "VAST"],
"default": "STRIDE"
},
"options": {
"type": "object",
"properties": {
"prioritization": {
"type": "string",
"enum": ["DREAD", "CVSS", "custom"],
"default": "DREAD"
},
"generateAttackTrees": {
"type": "boolean",
"default": true
},
"outputFormat": {
"type": "string",
"enum": ["json", "markdown", "html"],
"default": "markdown"
}
}
}
}
}
输出模式
{
"type": "object",
"properties": {
"threats": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": { "type": "string" },
"category": { "type": "string" },
"title": { "type": "string" },
"description": { "type": "string" },
"affectedAssets": { "type": "array" },
"riskScore": { "type": "number" },
"mitigations": { "type": "array" }
}
}
},
"attackTrees": {
"type": "array"
},
"dataFlowDiagram": {
"type": "string",
"description": "指定格式的DFD"
},
"summary": {
"type": "object",
"properties": {
"totalThreats": { "type": "number" },
"byCategory": { "type": "object" },
"bySeverity": { "type": "object" }
}
}
}
}
使用示例
{
kind: 'skill',
skill: {
name: 'threat-modeler',
context: {
system: {
name: '电子商务平台',
assets: ['用户数据', '支付信息', '库存'],
trustBoundaries: ['DMZ', '内部网络'],
dataFlows: [
{ from: '用户', to: 'Web服务器', data: '凭据' }
]
},
methodology: 'STRIDE',
options: {
prioritization: 'DREAD',
generateAttackTrees: true
}
}
}
}