Runs you through a lightweight STRIDE threat modeling workshop: you define scope and assets, map data flows with trust boundaries, apply STRIDE categories to each element, score risks, then convert the findings into backlog tickets and test cases. Built around three reference docs covering workshop steps, a threat catalog with ready-made mitigations, and templates you can drop straight into your issue tracker. The output is a data flow diagram, threat register, and mitigation plan. This is less "security theater" and more "turn architecture discussions into actual work items." Most useful when you're adding auth flows, handling PII, building multi-tenant features, or reviewing anything that crosses trust boundaries.
npx skills add https://github.com/bobmatnyc/claude-mpm-skills --skill threat-modeling
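
A minimal sketch of the STRIDE-per-element and risk-scoring steps described above, added here as an illustration and not taken from the skill's own reference docs or templates. The element names, trust zones, 1-3 likelihood and impact scales, and ticket threshold are assumptions constructed for the example.

```python
from dataclasses import dataclass

# STRIDE-per-element: which categories apply to each DFD element type.
# (Repudiation on a data store mainly matters when the store holds logs.)
APPLICABLE = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str        # external | process | store | flow
    zone: str = ""   # trust zone (non-flow elements)
    src: str = ""    # flow source element name
    dst: str = ""    # flow destination element name
    pii: bool = False

def threat_register(elements):
    """Enumerate applicable STRIDE threats per element and score them."""
    nodes = {e.name: e for e in elements if e.kind != "flow"}
    rows = []
    for e in elements:
        # A flow crosses a trust boundary when its endpoints sit in different zones.
        boundary = e.kind == "flow" and nodes[e.src].zone != nodes[e.dst].zone
        for cat in APPLICABLE[e.kind]:
            # Assumed scoring: likelihood and impact on a 1-3 scale, risk = product.
            likelihood = 3 if boundary else 2 if e.kind == "external" else 1
            impact = 3 if e.pii and cat in "TI" else 2
            rows.append({"element": e.name, "category": NAMES[cat],
                         "boundary": boundary, "score": likelihood * impact})
    return sorted(rows, key=lambda r: (-r["score"], r["element"], r["category"]))

def to_tickets(register, threshold=6):
    """Turn register rows at or above the threshold into backlog ticket titles."""
    return [f"[{r['category']}] {r['element']}: mitigate and add test case (risk {r['score']})"
            for r in register if r["score"] >= threshold]

# Constructed sample system: a browser logging in to an API backed by a user DB.
SAMPLE = [
    Element("browser", "external", zone="internet"),
    Element("api", "process", zone="app"),
    Element("users_db", "store", zone="app", pii=True),
    Element("login", "flow", src="browser", dst="api", pii=True),
    Element("query", "flow", src="api", dst="users_db", pii=True),
]

if __name__ == "__main__":
    for ticket in to_tickets(threat_register(SAMPLE)):
        print(ticket)
```

With this sample, only the `login` flow, which crosses from the `internet` zone into `app` while carrying PII, scores high enough to produce tickets.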