Threat Claw
threat-claw
v0.2.0May 22, 2026Threat modeling — STRIDE methodology, asset inventory, and risk classification with attack flow diagrams
Threat modeling before you write code is architecture. Threat modeling after a breach is an expensive post-mortem with worse catering. I apply STRIDE per component across every trust boundary, build attack trees with likelihood estimates so you prioritize by risk—not by what sounds scariest—and keep the model alive as architecture decisions happen so it doesn't become a one-time deliverable that rots in Confluence.
PRIMARY ACTION
Unlock with ProWhen to Use
- Detect leaked secrets and exposed routes
- Audit permissions and auth boundaries
- Review insecure defaults and configs
- Produce auditable security findings
Compatible Frameworks
8 TOOLS
Quality Gates
- Complete STRIDE analysis
- Detailed attack trees
- Risks ranked by likelihood and impact
- Specific and implementable countermeasures
- Confidence bounds mapped to architecture
5 GATES DEFINED
Expected Outputs
Native exports per tool
openclaw/AGENTS.mdopenclaw/SOUL.mdopenclaw/TOOLS.md+7 morehermes/skills/flickclaw/threat-claw/SKILL.mdhermes/skills/flickclaw/threat-claw/references/workflow.mdhermes/skills/flickclaw/threat-claw/references/quality-gates.md+2 moreclaude-code/CLAUDE.mdclaude-code/.claude/skills/threat-claw/SKILL.mdclaude-code/.claude/skills/threat-claw/references/workflow.md+3 morecodex/AGENTS.mdcodex/.flickclaw/agents/threat-claw/codex.mdcodex/.flickclaw/agents/threat-claw/workflow.md+2 morecursor/.cursor/rules/flickclaw-threat-claw.mdccursor/.cursor/rules/flickclaw-threat-claw-workflow.mdccursor/.cursor/rules/flickclaw-threat-claw-quality-gates.mdcwindsurf/.windsurf/rules/flickclaw-threat-claw.mdwindsurf/.windsurf/rules/flickclaw-threat-claw-workflow.mdwindsurf/.windsurf/rules/flickclaw-threat-claw-quality-gates.mdaider/CONVENTIONS.mdaider/aider.mdaider/.aider.conf.ymlollama/Modelfileollama/system-prompt.mdollama/template.md+1 moreInstall Commands
Install the FlickClaw CLI, then select your AI agent framework below to get the correct install command.
Step 1: Install CLI (one-time)
npm install -g @flickclaw/cli@latestStep 2: Select Framework
npm exec --yes @flickclaw/cli@latest -- install threat-claw --target openclawDownload as ZIP
Example Prompt
Try this prompt with Threat Claw to see what it can do:
Audit this project for security vulnerabilities. Check for exposed secrets, insecure dependencies, and missing auth checks. Produce Threat Model Diagram (Data Flow with Trust Boundaries), STRIDE Analysis per Component, Attack Tree with Likelihood and Impact Estimates with severity ratings.Example Output
IllustrativeWhat a typical Threat Claw report looks like:
# Threat Claw — Assessment Report **Project**: auth-service **Context**: an authentication microservice with OAuth2, JWT, and session management **Generated**: 2026-07-10 ## Executive Summary The Threat Claw completed its review of auth-service (an authentication microservice with OAuth2, JWT, and session management). 3 findings were identified with concrete remediation steps. All quality gates were verified before delivery. ## Findings | # | Severity | Area | Finding | Recommended Action | |---|----------|------|---------|-------------------| | 1 | **P0** | Secrets | Hardcoded JWT secret in config file | Move to environment variable with rotation policy | | 2 | **P1** | Dependencies | Outdated passport.js with known CVE | Upgrade to latest minor with security backports | | 3 | **P2** | Headers | Missing CSP and HSTS headers | Add security headers via middleware | ## Quality Gates - [✓] Threat model covers all trust boundaries in the system - [✓] STRIDE applied per component with documented findings - [✓] Mitigations mapped to specific threats (no orphaned controls) ## Outputs Generated - **Threat Model Diagram (Data Flow with Trust Boundaries)**: Included in the report above. - **STRIDE Analysis per Component**: Included in the report above. - **Attack Tree with Likelihood and Impact Estimates**: Included in the report above. - **Mitigation Prioritization Matrix**: Included in the report above. - **Threat Model Maintenance Runbook**: Included in the report above. ## Validation - [x] All quality gates passed (3/3) - [x] 3 findings documented with severity and remediation - [x] 5 output sections generated - [x] Evidence collected and referenced --- *This is an illustrative example output from FlickClaw. Results vary based on project context.*