I’ve been reviewing the templates posted here, especially for personal assistant agents, and I noticed most use STRIDE. I’m trying to threat model a privacy-focused agent I’m planning—one that processes local voice, calendar, and messages for personal automation.
STRIDE makes sense for the classic security angles (like spoofing the voice input or tampering with data at rest). But I’m concerned it might not systematically cover privacy threats. For example, a legitimate user operation might still leak information through metadata or inference.
I’ve seen mentions of LINDDUN (Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, Unawareness, Non-compliance) as a privacy-focused alternative. Has anyone here applied LINDDUN, or a hybrid of STRIDE and LINDDUN, to an OpenClaw-style agent? I’m trying to figure out if it’s overkill for a personal project, or if it actually reveals gaps STRIDE would miss.
My specific context: agent runs on a home server, interacts with local services and a few external APIs (weather, transit). Data flow includes a speech-to-text module, a local LLM for intent recognition, and actions that read/write to personal data stores.
Would a combined approach simply mean doing two separate analyses, or are there templates that integrate them? I’m cautious about missing assumptions in the “happy path” diagrams. Any examples or critiques would be really helpful.
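
An added example, not part of the original post: one way to run both analyses in a single pass over the same data-flow diagram, so the happy-path assumptions become explicit findings. The element names, data categories and the "stripped before sending" sets are assumptions standing in for the home-server setup described above, and the propagation deliberately over-approximates what each component can see.

```python
# Constructed model of the agent in the post. Element names, data categories
# and the "drops" sets are illustrative assumptions, not a real deployment.
ZONE = {"user": "home", "stt": "home", "llm": "home", "actions": "home",
        "personal_store": "home", "weather_api": "external",
        "transit_api": "external"}

ALL = {"utterance", "calendar", "messages"}
# (source, destination, categories introduced on this flow,
#  categories the sender is ASSUMED to strip before sending)
FLOWS = [
    ("user", "stt", {"utterance"}, set()),
    ("stt", "llm", set(), set()),
    ("llm", "actions", set(), set()),
    ("personal_store", "actions", {"calendar", "messages"}, set()),
    ("actions", "personal_store", set(), set()),
    ("actions", "weather_api", set(), ALL),  # assumed: fixed home-city query
    ("actions", "transit_api", set(), {"utterance", "messages"}),  # route to next event
]

def propagate(flows):
    """Fixed point of which personal-data categories can reach each element."""
    reach, changed = {}, True
    while changed:
        changed = False
        for src, dst, introduced, drops in flows:
            carried = (introduced | reach.get(src, set())) - drops
            if not carried <= reach.setdefault(dst, set()):
                reach[dst] |= carried
                changed = True
    return reach

def analyse(flows=FLOWS, zone=ZONE):
    """Return (framework, flow, note) findings for trust-boundary crossings."""
    reach, findings = propagate(flows), []
    for src, dst, introduced, drops in flows:
        if zone[src] == zone[dst]:
            continue
        name, available = f"{src}->{dst}", introduced | reach.get(src, set())
        # STRIDE-per-element: a data flow is exposed to T, I and D.
        findings.append(("STRIDE", name, "T/I/D on boundary-crossing flow"))
        for cat in sorted(available - drops):
            findings.append(("LINDDUN", name, f"{cat} reaches external party: L/I/Di"))
        for cat in sorted(available & drops):
            findings.append(("ASSUMPTION", name, f"{cat} must be stripped: verify"))
    return findings

if __name__ == "__main__":
    for finding in analyse():
        print(*finding, sep=" | ")
```

The ASSUMPTION rows are the part a STRIDE-only pass tends to leave implicit: each one is a minimisation claim the diagram relies on and that still has to be checked in the code that builds the outbound request.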