Skip to main content
Glama
Mipiti
by Mipiti

generate_threat_model

Generate a complete threat model from a feature description by analyzing security properties and detecting similar existing models to avoid duplicates.

Instructions

Generate a complete threat model from a feature description.

Analyzes the feature using the Security Properties (Confidentiality, Integrity, Availability, Usage) methodology with capability-defined attackers. Produces trust boundaries, asset inventory, attacker inventory, control objective matrix, and assumptions.

Runs a multi-step AI pipeline. Progress is reported automatically.

Similar-model short-circuit: if the backend finds an existing model in the workspace whose feature description substantially overlaps with the new one, it does NOT generate a duplicate. This tool returns {"similar_models": [{"id", "title", "reason"}, ...], "suggestion": "..."} with the candidate IDs instead. The agent should then either:

  • Call refine_threat_model on one of the candidates to extend the existing model (usually the right answer — avoids duplicate modeling of the same system and preserves control/assertion history).

  • Retry this tool with force=True to bypass the check and create a genuinely new model anyway (e.g., when the similarity is superficial and the operator confirmed the new model is distinct).

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
forceNoSkip the similar-model detection and always create a new model. Default False — the check fires unless the operator / agent has explicit reason to bypass it.
parent_idNoOptional ID of an existing model to wire the new model under as a child on the recursive composition tree. The child then inherits the parent's topology and participates in composition (delta / inherited control credit). Default None — the model is created flat.
server_versionYes
feature_descriptionYesDescription of the feature or system to threat model. Can be a few sentences or a detailed spec.

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault

No arguments

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It discloses the multi-step AI pipeline, automatic progress reporting, and the similar-model short-circuit behavior. It does not explicitly state read/write nature, but the context implies a write operation. Still, it is fairly transparent about key behaviors.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured: a one-sentence summary, then methodology and outputs, then a dedicated section for the similar-model behavior. It is slightly long but front-loaded with the core purpose and avoids unnecessary fluff.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (4 parameters, output schema, many siblings), the description covers the core functionality and special behavior well. It does not mention prerequisites or error conditions, but the presence of an output schema compensates for missing return-value details.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 75% (3 of 4 parameters have descriptions). The description adds context for the force parameter by explaining the similarity check bypass but does not significantly enhance the understanding of other parameters beyond the schema. A score of 3 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Generate a complete threat model from a feature description.' It specifies the methodology, outputs, and the special similar-model behavior, distinguishing it from sibling tools like refine_threat_model.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides explicit when-to-use guidance: to create a new threat model. It also details the similar-model short-circuit and instructs to either call refine_threat_model or retry with force=True, covering both alternatives and conditions.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Mipiti/mipiti-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server