functions-falcon-api
Call CrowdStrike Falcon platform APIs (detections, alerts, hosts, RTR) from within Foundry function handlers. TRIGGER when user asks to "call Falcon APIs from a function", "use FalconPy in a function", "use gofalcon in a function", or needs to integrate Falcon platform APIs within serverless function code. DO NOT TRIGGER when user wants to expose external third-party APIs to Foundry — use api-integrations instead.
86
82%
Does it follow best practices?
Impact
100%
1.23xAverage score across 3 eval scenarios
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly defines its scope, provides multiple natural trigger phrases, and explicitly delineates its boundary from a related skill. The inclusion of specific API categories (detections, alerts, hosts, RTR) and SDK names (FalconPy, gofalcon) gives Claude strong signals for when to select this skill. The DO NOT TRIGGER clause is a particularly effective addition for reducing false positives.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions and domains: 'Call CrowdStrike Falcon platform APIs (detections, alerts, hosts, RTR) from within Foundry function handlers.' It names specific API categories and the execution context (Foundry function handlers). | 3 / 3 |
Completeness | Clearly answers both 'what' (call CrowdStrike Falcon platform APIs for detections, alerts, hosts, RTR from Foundry function handlers) and 'when' (explicit TRIGGER clause with specific phrases). Additionally includes a 'DO NOT TRIGGER' clause to reduce false positives, which goes above and beyond. | 3 / 3 |
Trigger Term Quality | Includes highly natural trigger terms users would say: 'call Falcon APIs from a function', 'use FalconPy in a function', 'use gofalcon in a function', plus domain-specific terms like 'detections', 'alerts', 'hosts', 'RTR', 'serverless function code'. These cover multiple natural phrasings. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with a clear niche (Falcon APIs within Foundry functions) and explicitly differentiates itself from a related skill ('api-integrations') via the DO NOT TRIGGER clause, minimizing conflict risk. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
64%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a solid, highly actionable skill with excellent concrete code examples covering Python and Go Falcon API integration patterns. Its main weaknesses are moderate verbosity (could move some patterns to reference files) and lack of explicit workflow sequencing with validation checkpoints. The common pitfalls section and 207 gotcha are valuable additions.
Suggestions
Move some of the common API patterns (host lookups, multi-API enrichment) into a reference file to reduce the main skill's length and improve progressive disclosure.
Add an explicit step-by-step workflow section (e.g., 1. Create handler → 2. Add API call → 3. Test locally → 4. Deploy → 5. Verify) with validation checkpoints at each stage.
Remove the multi-region table since the text already states SDKs handle region discovery automatically — the table adds tokens without actionable value.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is mostly efficient with good code examples, but includes some unnecessary content: the system injection block at the top, the multi-region table (since it says SDKs handle this automatically), and some explanatory text like 'FalconPy already reads env vars internally' that could be trimmed. The 'How it works' bullets are borderline unnecessary. Overall decent but not maximally lean. | 2 / 3 |
Actionability | Excellent actionability — provides fully executable, copy-paste-ready code examples for Python and Go, covering multiple API patterns (alerts, detections, hosts, multi-API enrichment), testing with mocks, local testing commands, and error handling for 207 responses. Every pattern is concrete and complete. | 3 / 3 |
Workflow Clarity | The skill presents clear individual patterns but lacks explicit workflow sequencing for the overall process of creating a Foundry function with Falcon API integration. There are no validation checkpoints (e.g., verify auth works, validate response schemas). The testing section exists but isn't integrated into a step-by-step workflow. The 207 Multi-Status handling is good but presented as a standalone gotcha rather than part of a validation flow. | 2 / 3 |
Progressive Disclosure | References to advanced-patterns.md, python-functions.md, and external GitHub repos are well-signaled. However, the main file is quite long (~200+ lines of code examples) and some patterns (multi-API enrichment, host lookups) could be moved to reference files. The bundle has no files provided to verify reference accuracy, and the reference table only lists one file while the body is content-heavy. | 2 / 3 |
Total | 9 / 12 Passed |
Validation
72%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 8 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
metadata_version | 'metadata.version' is missing | Warning |
metadata_field | 'metadata' should map string keys to string values | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 8 / 11 Passed | |
- Repository
- CrowdStrike/foundry-skills
- Commit
e7fa026
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.