A Model Context Protocol (MCP) server for comprehensive threat modeling with automatic code validation.
This server provides tools for threat modeling, including business context analysis, architecture analysis, threat actor analysis, trust boundary analysis, asset flow analysis, code security validation and comprehensive report generation.
This MCP Server calls the existing agent's LLM instead of making an external API or network call to a different service. It relies on existing client's LLM which could be Amazon-Q, Kiro or Cline.
This Threat Modeling MCP Server has three main functionalities: 1. Threat modeling phase or state management and prompt controlling. 2. Prompts steering, which controls the agent to go through a methodic approach to threat modeling using built in definitions of business risks, exposures, threat actors and use STRIDE in sequential order. 3. Data validation at every state or phase, which in turn produces actionable threat model report.
It also has tools to generate a final report in both Markdown and JSON exportable formats.
.threatmodel directory and you can evolve your threat model as your code, design and architecture evolves.Note: Before using these prompts, you must first complete the Installation process to set up the MCP server.
"Threat model this project using the threat modeling MCP Server"
Being specific in the prompt to use the threat modeling MCP Server will make sure the client (Cline/Kiro/etc) will follow the exact phases and methodology rather than taking short cut path and introduce hallucination in results.
"Threat model this subfolder using the threat modeling MCP Server"
Running it on a subfolder will limit the scope of threat model and code to that subfolder and save results as a .threatmodel directory within the subfolder.
"Save the threat model report"
"Please complete all the phases in the threat model plan and then generate the final report."
"Threat model this project using the threat model MCP server and consider this architecture_image.png attached for this review"
"Can you see if you can implement mitigation controls in the code based on the threats reported in the threat model"
"Can you updated the threat model based on the code fixes which mitigated the reported threats"
# Set up context
"Set business context for an e-commerce payment system"
# Add architecture
"Add a web server component using AWS EC2"
"Add a database component using AWS RDS"
# Identify threats
"Add a threat where an attacker with network access performs SQL injection"
# Add mitigations
"Add a mitigation for input validation"
# Export results
"Export the threat model to my_model.json"
Before installing the Threat Modeling MCP Server, ensure you have the following requirements:
uvx from Astral or the GitHub READMEuvx --versionOnce you have uvx installed and verified to be working, add the below configuation to your mcp.json config file. Depending on the what type of client your are using (kiro/cline/amazon-q) the location of this mcp.json will be different. Once you add the config and restart your IDE, the Threat Modeling MCP Server will be automatically be installed directly from this GitHub repository using uvx.
Note: The tools used by this mcp server for threat modeling are already added to the
autoApprovefor ease of user experience which enables seamless operation without manual approval prompts for each tool call. All tools are internal to the server and do not make external API calls. If you want to review each of the tools and approve it per invocation, then you need to replace the autoApprove array with this:"autoApprove": []
Add the following to your MCP client configuration:
For Amazon Q (~/.aws/amazonq/mcp.json):
{
"mcpServers": {
"threat-modeling-mcp-server": {
"command": "uvx",
"args": [
"--from",
"git+https://github.com/awslabs/threat-modeling-mcp-server.git",
"threat-modeling-mcp-server"
],
"env": {
"FASTMCP_LOG_LEVEL": "ERROR"
},
"disabled": false,
"autoApprove": ["add_asset","add_assumption","add_component","add_component_to_zone","add_conn_to_crossing","add_connection","add_crossing_point","add_data_store","add_flow","add_mitigation","add_threat","add_threat_actor","add_trust_boundary","add_trust_zone","advance_phase","analyze_threat_actors","clear_architecture","clear_asset_flows","clear_business_context","clear_threat_actors","clear_trust_boundaries","delete_asset","delete_assumption","delete_component","delete_connection","delete_crossing_point","delete_data_store","delete_flow","delete_mitigation","delete_threat","delete_threat_actor","delete_trust_boundary","delete_trust_zone","execute_code_validation_step","execute_final_export_step","export_comprehensive_threat_model","export_threat_model_with_remediation_status","follow_threat_modeling_plan","generate_remediation_report","get_architecture_analysis_plan","get_asset","get_asset_flow_analysis_plan","get_assumption","get_business_context","get_business_context_analysis_plan","get_business_context_features","get_crossing_point","get_current_phase_status","get_data_model_types","get_flow","get_mitigation","get_phase_1_guidance","get_phase_2_guidance","get_phase_3_guidance","get_phase_4_guidance","get_phase_5_guidance","get_phase_6_guidance","get_phase_7_5_guidance","get_phase_7_guidance","get_phase_8_guidance","get_phase_9_guidance","get_threat","get_threat_actor","get_threat_model_progress","get_threat_modeling_plan","get_trust_boundary","get_trust_boundary_analysis_plan","get_trust_boundary_detection_plan","get_trust_zone","link_mitigation_to_threat","list_assets","list_assumptions","list_components","list_connections","list_crossing_points","list_data_models","list_data_stores","list_flows","list_mitigations","list_threat_actors","list_threats","list_trust_boundaries","list_trust_zones","remove_component_from_zone","remove_conn_from_crossing","reset_asset_flows","reset_threat_actors","set_business_context","set_threat_actor_priority","set_threat_actor_relevance","unlink_mitigation_from_threat","update_asset","update_assumption","update_component","update_connection","update_crossing_point","update_data_store","update_flow","update_mitigation","update_threat","update_threat_actor","update_trust_boundary","update_trust_zone","validate_business_context_completeness","validate_security_controls","validate_threat_model_against_code","validate_threat_remediation"]
}
}
}
For VSCode Cline:
{
"mcpServers": {
"threat-modeling-mcp-server": {
"command": "uvx",
"args": [
"--from",
"git+https://github.com/awslabs/threat-modeling-mcp-server.git",
"threat-modeling-mcp-server"
],
"env": {
"FASTMCP_LOG_LEVEL": "ERROR"
},
"disabled": false,
"autoApprove": ["add_asset","add_assumption","add_component","add_component_to_zone","add_conn_to_crossing","add_connection","add_crossing_point","add_data_store","add_flow","add_mitigation","add_threat","add_threat_actor","add_trust_boundary","add_trust_zone","advance_phase","analyze_threat_actors","clear_architecture","clear_asset_flows","clear_business_context","clear_threat_actors","clear_trust_boundaries","delete_asset","delete_assumption","delete_component","delete_connection","delete_crossing_point","delete_data_store","delete_flow","delete_mitigation","delete_threat","delete_threat_actor","delete_trust_boundary","delete_trust_zone","execute_code_validation_step","execute_final_export_step","export_comprehensive_threat_model","export_threat_model_with_remediation_status","follow_threat_modeling_plan","generate_remediation_report","get_architecture_analysis_plan","get_asset","get_asset_flow_analysis_plan","get_assumption","get_business_context","get_business_context_analysis_plan","get_business_context_features","get_crossing_point","get_current_phase_status","get_data_model_types","get_flow","get_mitigation","get_phase_1_guidance","get_phase_2_guidance","get_phase_3_guidance","get_phase_4_guidance","get_phase_5_guidance","get_phase_6_guidance","get_phase_7_5_guidance","get_phase_7_guidance","get_phase_8_guidance","get_phase_9_guidance","get_threat","get_threat_actor","get_threat_model_progress","get_threat_modeling_plan","get_trust_boundary","get_trust_boundary_analysis_plan","get_trust_boundary_detection_plan","get_trust_zone","link_mitigation_to_threat","list_assets","list_assumptions","list_components","list_connections","list_crossing_points","list_data_models","list_data_stores","list_flows","list_mitigations","list_threat_actors","list_threats","list_trust_boundaries","list_trust_zones","remove_component_from_zone","remove_conn_from_crossing","reset_asset_flows","reset_threat_actors","set_business_context","set_threat_actor_priority","set_threat_actor_relevance","unlink_mitigation_from_threat","update_asset","update_assumption","update_component","update_connection","update_crossing_point","update_data_store","update_flow","update_mitigation","update_threat","update_threat_actor","update_trust_boundary","update_trust_zone","validate_business_context_completeness","validate_security_controls","validate_threat_model_against_code","validate_threat_remediation"],
"timeout": 60,
"type": "stdio"
}
}
}
For Kiro (~/.kiro/settings/mcp.json):
```json
{
"mcpServers": {
"threat-modeling-mcp-server": {
"command": "uvx",
"args": [
"--from",
"git+https://github.com/awslabs/threat-modeling-mcp-server.git",
"threat-modeling-mcp-server"
],
"env": {
"FASTMCP_LOG_LEVEL": "ERROR"
},
"disabled": false,
"autoApprove": ["add_asset","add_assumption","add_component","add_component_to_zone","add_conn_to_crossing","add_connection","add_crossing_point","add_data_store","add_flow","add_mitigation","add_threat","add_threat_actor","add_trust_boundary","add_trust_zone","advance_phase","analyze_threat_actors
$ claude mcp add threat-modeling-mcp-server \
-- python -m otcore.mcp_server <graph>