threat-model
The threat-model skill generates a compliance-ready artifact that summarizes MCP security findings from an existing scan, displaying allowed/denied tools, permission counts, secrets exposure, and network/shell/file-write access in a single-screen format. Use it when submitting PRs that add MCP servers, loosen permissions, introduce new dependencies with elevated capabilities, or modify policy configuration files, as the compact output can be pasted directly into PR descriptions for security review.
git clone --depth 1 https://github.com/ruvnet/agent-harness-generator /tmp/threat-model && cp -r /tmp/threat-model/.claude-plugin/skills/threat-model ~/.claude/skills/threat-model

SKILL.md
# threat-model

> Codex skill: MCP threat-model artifact for PR / compliance review
> (iter 112 → iter 114). User-labelled "enterprise gold."

## What it does

Renders the existing `mcp-scan` findings as a clean threat-model artifact in the shape a security / compliance reviewer wants to see attached to a PR:

```
MCP Threat Model
Allowed tools: 3
Denied tools: 14
Dangerous permissions: 0
Secrets reachable: no
Network access: no
Shell access: no
File write: no
Default-deny policy: yes
Audit log: yes
Verdict: clean (exit 0)
```

Same underlying scan as `mcp-scan`, presented as a single-screen artifact. The exit code follows the verdict, so the command can double as a CI gate:

| Verdict | Exit | Triggers |
|---|---|---|
| `clean` | 0 | no dangerous perms, no secret exposure |
| `medium` | 1 | network OR file-write granted, OR no audit log |
| `high` | 2 | shell granted OR default-deny OFF OR secrets reachable |

The "secrets reachable" heuristic is conservative: it is true when MCP is in use AND the deny rules do not guard `.env*` AND the allow rules include any `Read(...)` grant. The verdict is derived from the scanned policy and permission configuration, so `clean` means the policy grants nothing the scan classes as dangerous, not that the MCP servers themselves have been reviewed.

## Usage from Codex

```
/threat-model path=./my-harness
/threat-model path=./my-harness bundle=true
```

## Equivalent CLI

```bash
harness threat-model ./my-harness                # text artifact
harness threat-model ./my-harness --json         # full envelope
harness threat-model ./my-harness --bundle       # ADR-031 schema-1
harness threat-model ./my-harness --out tm.json  # write to file
```

## When to attach this to a PR

- Adding a new MCP server / tool
- Loosening a permission allow rule
- Pulling in a new dependency that exposes shell/network capabilities
- Any change to `.harness/mcp-policy.json` or `.claude/settings.json` permissions

The artifact is small enough to paste verbatim into the PR description.
## Related skills

- `validate-harness` (iter 22) — release-readiness umbrella (includes mcp-scan)
- `score-harness` (iter 114) — broader 0-100 scorecard; MCP safety is one of its 5 dimensions
- `repo-genome` (iter 114) — pre-scaffold readiness; MCP risk is one of its 7 sections

## See also

- ADR-022 — MCP primitive · ADR-030 — Discovery Loop · ADR-031 — Bundle Pattern
Diff two scaffolded harnesses (ADR-031). Reports manifest meta drift + host list + per-file fingerprint changes (added/removed/changed). Exits 0 IDENTICAL, 1 DRIFT, 2 missing manifest. Use --bundle for the ADR-031 schema-1 JSON envelope.
Scaffold your own focused AI agent harness — pick host (Claude Code, Codex, pi.dev, Hermes), template, agents, skills, and ship an npm-publishable harness with its own npx CLI. Use when a user asks to "create my own agent harness", "scaffold a harness", "make a custom Claude Code plugin like ruflo", or "build a vertical AI assistant for X".
Kernel-version skew check (ADR-027). Reports manifest surface + manifest kernel + installed kernel + verdict (match/patch-diff/minor-diff/major-diff). Exits 1 on minor/major skew with a copy-pasteable `npm install @metaharness/kernel@X.Y.Z` next step. Exits 2 if no .harness/manifest.json at path.
Scaffold a ready-made AI agent harness in one command from the 19 published @metaharness/* example packages — 9 host integrations (Claude Code, Codex, Hermes, pi.dev, OpenClaw, RVM, Copilot, OpenCode, GitHub Actions) + 10 vertical pods (devops, research, trading, support, legal, coding, education, sales, gaming, repo-maintainer).
GCP Secret Manager integration: validate setup, fetch values, or confirm an NPM_TOKEN is non-revoked via `npm whoami`. Used for publish-time token rotation without long-lived keys in CI.
List the available harness templates and what each one ships with. Use when the user asks "what templates are available", "what verticals does the harness generator support", or "show me what I can scaffold".
Emit .harness/oia-manifest.json declaring layer alignment with the OIA v0.1 9-layer reference architecture. Self-describes the harness's MCP wiring, witness signing, audit log, identity posture (always 'none' at v0.1). --check verifies an existing manifest, --dry-run prints without writing, --json emits to stdout.
Publish a generated harness to npm — runs the smoke test, signs the witness manifest, and dispatches `npm publish --provenance` from your tagged release.