Ask me what skills you need
What are you building?
Tell me what you're working on and I'll find the best agent skills for you.
Security threat model: scan toolkit for attack surface, supply-chain risks.
This skill executes a structured, phase-gated security threat model workflow that scans the toolkit installation for attack surface exposure, supply-chain injection patterns, and learning DB contamination. It follows the toolkit's four-layer architecture: deterministic Python scripts perform all checks and produce JSON artifacts; Phase 5 (synthesis only) is the LLM step. Each phase gates on artifact validation before proceeding.
Outputs are saved to security/ with a shared run_id for correlation across phases.
Phase 5 produces an actionable threat model document.
Goal: Enumerate the active attack surface of the current installation.
Create the security/ output directory and run the surface scan script:
mkdir -p security
python3 scripts/scan-threat-surface.py --output security/surface-report.json
This script enumerates:
~/.claude/settings.json) with file paths and event types~/.claude/mcp.json and .mcp.json)skills/) with allowed-tools entriesnpx skills add notque/vexjoy-agent --skill security-threat-modelHow clear and easy to understand the SKILL.md instructions are, rated from 1 to 5.
Clear and well structured, with only minor parts that might need a second read.
How directly an agent can act on the SKILL.md instructions, rated from 1 to 5.
Mostly actionable with clear steps; only a few small gaps remain.