
endor-check

Check if a specific dependency has known vulnerabilities or malware using Endor Labs. Use when the user names a package and wants to know if it's safe, says "check lodash", "is express vulnerable", "any CVEs in django", "endor check", "is this package safe", or provides a package name after installing a dependency. Do NOT use for scanning an entire repo (/endor-scan) or viewing existing findings (/endor-findings).

Quality: 100% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)


Endor Labs Dependency Check

Check a specific dependency for known vulnerabilities and malware risks.

Input Parsing

Extract from user input:

  1. Package name (required) — e.g., lodash, express, django
  2. Version (optional) — e.g., 4.17.15, 2.0.0
  3. Language (optional) — auto-detect from package name pattern or manifest files in cwd; ask if ambiguous

Ecosystem Mapping

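| Package Manager | `ecosystem` Parameter |
|-----------------|-----------------------|
| npm/yarn/pnpm | npm |
| pip/poetry | python |
| Go modules | go |
| Maven | maven (use groupid:artifactid for dependency name) |
| Gradle | java |
| Cargo | rust |
| NuGet | dotnet |
| RubyGems | ruby |
| Composer | php |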

Workflow

Step 1: Check for Vulnerabilities and Risks

Preferred: Use check_dependency_for_risks MCP tool with ecosystem, dependency_name, and version. This checks for both vulnerabilities AND malware.

Fallback: If check_dependency_for_risks is unavailable, use check_dependency_for_vulnerabilities MCP tool (same parameters, vulnerabilities only).
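
The input parsing and ecosystem mapping above, as an added example (not part of the skill or of Endor Labs' code): it builds the `ecosystem`, `dependency_name` and `version` arguments without mis-splitting scoped npm names, since a wrong name would check a different package. The function name `build_check_args` and the accepted spec forms are assumptions of this example.

```python
import re

# Package manager -> `ecosystem` parameter, copied from the mapping table above.
ECOSYSTEMS = {
    "npm": "npm", "yarn": "npm", "pnpm": "npm",
    "pip": "python", "poetry": "python",
    "go modules": "go", "maven": "maven", "gradle": "java",
    "cargo": "rust", "nuget": "dotnet", "rubygems": "ruby", "composer": "php",
}

MAVEN_COORD = re.compile(r"^[\w.\-]+:[\w.\-]+$")  # groupid:artifactid


def build_check_args(package_manager, spec):
    """Turn a user-supplied spec into arguments for check_dependency_for_risks.

    Accepted spec forms (an assumption of this example, not from the skill):
    "name", "name@version", "@scope/name@version", "name==version".
    """
    ecosystem = ECOSYSTEMS.get(package_manager.strip().lower())
    if ecosystem is None:
        raise ValueError(f"unknown package manager: {package_manager!r}")

    spec = spec.strip()
    if "==" in spec:  # pip-style pin
        name, _, version = spec.partition("==")
    else:
        # Split on the LAST '@' so a leading npm scope marker stays in the name.
        idx = spec.rfind("@")
        name, version = (spec[:idx], spec[idx + 1:]) if idx > 0 else (spec, "")
    name, version = name.strip(), version.strip()

    if not name:
        raise ValueError("package name is required")
    if ecosystem == "maven" and not MAVEN_COORD.match(name):
        raise ValueError("maven dependency name must be groupid:artifactid")

    args = {"ecosystem": ecosystem, "dependency_name": name}
    if version:  # version is optional input; left out when absent (assumption)
        args["version"] = version
    return args
```
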

Step 2: Present Results

If Vulnerabilities or Risks Found

## Security Check: {package}@{version}

**Status:** {VULNERABLE / MALWARE DETECTED / VULNERABLE + MALWARE}
**Language:** {language}

### Vulnerabilities Found

| CVE | Severity | Description | Fixed In |
|-----|----------|-------------|----------|
| {cve} | Critical | {desc} | {fixed_version} |

### Malware Risks (if detected)

| Risk | Severity | Description |
|------|----------|-------------|
| {risk_type} | {severity} | {description} |

### Recommended Action

Upgrade to **{safe_version}** to resolve all known vulnerabilities.
If malware detected: **Remove this package immediately** and find a safe alternative.

For install commands, read references/install-commands.md.

### Next Steps

1. `/endor-fix {top-cve}` — Get fix details
2. `/endor-upgrade-impact {package} {safe_version}` — Check upgrade impact

If No Vulnerabilities Found

Report that {package}@{version} has no known vulnerabilities in Endor Labs. Suggest /endor-score {package} for package health.

For data source policy, read references/data-sources.md.

Error Handling

| Error | Action |
|-------|--------|
| Package not found | Check package name and ecosystem. Do NOT look up externally. |
| Version not found | Show available versions from Endor Labs or check latest |
| Auth error | Suggest /endor-setup |
| MCP not available | Suggest /endor-setup |

Repository: endorlabs/skills-ideas