ctm — community tm_skills, community, ide skills, Claude Code, Cursor, Windsurf

v1.0.0
GitHub

About this Skill

Ideal for Security Analysis Agents requiring Continuous Threat Modeling capabilities to identify security notable events Agent skills to help with Continuous Threat Modeling

izar izar
[0]
[0]
Updated: 3/5/2026

Agent Capability Analysis

The ctm skill by izar is an open-source community AI agent skill for Claude Code and other IDE workflows, helping agents execute tasks with better context, repeatability, and domain-specific guidance.

Ideal Agent Persona

Ideal for Security Analysis Agents requiring Continuous Threat Modeling capabilities to identify security notable events

Core Value

Empowers agents to examine business cases and development requests in the context of project baseline threat models, utilizing the CTM Developer Checklist and enriching requests for comprehensive security analysis, including protocols like threat modeling and event categorization

Capabilities Granted for ctm

Identifying security notable events in user stories
Analyzing development requests for potential security threats
Enriching business cases with threat modeling context

! Prerequisites & Limits

  • Requires existing baseline threat model
  • Follows specific CTM Developer Checklist
  • Limited to security notable event analysis
Labs Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

ctm

Install ctm, an AI agent skill for AI agent workflows and automation. Works with Claude Code, Cursor, and Windsurf with one-command setup.

SKILL.md
Readonly

Overview

Given a business case, a user-story, a development request or similar, examine it in the context of the project and the existing baseline threat model and decide if it is a "security notable event" according to Continuous Threat Modeling.

Method

Copy this checklist and track your progress:

Security notable event checklist

- [ ] Find a baseline threat model
- [ ] Enrich the request
- [ ] Use the CTM Developer Checklist

**Step 1: Find a baseline threat model

Examine the project's directory for documentation that resembles a threat model. If one is found, use that as the baseline threat model. If one is not found, ask the user if they would like to use the pytm skill to create one, or if they can provide a baseline threat model. Give the user the option to not have a baseline threat model but point out the quality of the analysis will be diminished.

**Step 2: Enrich the request

If a baseline threat model is available, use it to enrich the corpus of the request. Feel free to ask the user as many elucidative questions about the request as you consider necessary. Use the answers to enrich the request.

**Step 3: Use the CTM Developer Checklist

Using the content of ./Secure_Developer_Checklist.md try to identify in the user request instances that match the "If you did THIS ..." side of the reference table. If matches are found, use the "... then do THAT" respective field to suggest mitigations to the issue identified.

There can be many matches in any given request. Return all those matches.

If there are notable events, suggest to the user that a ticket be created reflecting this change so the threat model can be updated.

FAQ & Installation Steps

These questions and steps mirror the structured data on this page for better search understanding.

? Frequently Asked Questions

What is ctm?

Ideal for Security Analysis Agents requiring Continuous Threat Modeling capabilities to identify security notable events Agent skills to help with Continuous Threat Modeling

How do I install ctm?

Run the command: npx killer-skills add izar/tm_skills/ctm. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for ctm?

Key use cases include: Identifying security notable events in user stories, Analyzing development requests for potential security threats, Enriching business cases with threat modeling context.

Which IDEs are compatible with ctm?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for ctm?

Requires existing baseline threat model. Follows specific CTM Developer Checklist. Limited to security notable event analysis.

How To Install

  1. 1. Open your terminal

    Open the terminal or command line in your project directory.

  2. 2. Run the install command

    Run: npx killer-skills add izar/tm_skills/ctm. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. 3. Start using the skill

    The skill is now active. Your AI agent can use ctm immediately in the current project.

Related Skills

Looking for an alternative to ctm or another community skill for your workflow? Explore these related open-source skills.

View All

widget-generator

Logo of f
f

f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.

149.6k
0
AI

flags

Logo of vercel
vercel

flags is a Next.js feature management skill that enables developers to efficiently add or modify framework feature flags, streamlining React application development.

138.4k
0
Browser

zustand

Logo of lobehub
lobehub

The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level — enabling multi-agent collaboration, effortless agent team design, and introducing agents as the unit of work interaction.

72.8k
0
AI

data-fetching

Logo of lobehub
lobehub

The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level — enabling multi-agent collaboration, effortless agent team design, and introducing agents as the unit of work interaction.

72.8k
0
AI