Check if a specific dependency has known vulnerabilities or malware using Endor Labs. Use when the user names a package and wants to know if it's safe, says "check lodash", "is express vulnerable", "any CVEs in django", "endor check", "is this package safe", or provides a package name after installing a dependency. Do NOT use for scanning an entire repo (/endor-scan) or viewing existing findings (/endor-findings).
100%: Does it follow best practices?
Impact: Pending. No eval scenarios have been run.
Passed: No known issues.
Quality
Discovery
100%. Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly defines a specific capability (single-dependency vulnerability check), provides rich natural trigger terms users would actually say, and explicitly delineates boundaries with related skills. The inclusion of both positive triggers and negative exclusions makes it highly effective for skill selection in a multi-skill environment.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | The description lists a concrete action ('Check if a specific dependency has known vulnerabilities or malware using Endor Labs') and clearly specifies the tool and scope (single dependency check vs. repo scan). | 3 / 3 |
| Completeness | Clearly answers both 'what' (check a specific dependency for vulnerabilities/malware using Endor Labs) and 'when' (explicit 'Use when...' clause with multiple trigger examples), plus includes helpful 'Do NOT use' negative boundaries distinguishing it from related skills. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms: 'check lodash', 'is express vulnerable', 'any CVEs in django', 'endor check', 'is this package safe', 'package name'. These closely match how users would naturally phrase such requests. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with explicit negative boundaries ('Do NOT use for scanning an entire repo (/endor-scan) or viewing existing findings (/endor-findings)'), clearly carving out its niche from related Endor Labs skills and minimizing conflict risk. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
100%. Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-crafted skill that efficiently covers input parsing, ecosystem mapping, tool invocation with fallback, structured output formatting, and error handling—all without unnecessary verbosity. The progressive disclosure is excellent, referencing external files for install commands and data sources while keeping the core workflow self-contained. The output templates give Claude exact formatting to follow, making results consistent and actionable.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is lean and efficient. Every section serves a purpose—input parsing, ecosystem mapping, workflow steps, output templates, and error handling. No unnecessary explanations of what vulnerabilities are or how package managers work. | 3 / 3 |
| Actionability | Provides specific MCP tool names (`check_dependency_for_risks`, `check_dependency_for_vulnerabilities`), exact parameter names, concrete output templates with markdown formatting, and a clear fallback path. The ecosystem mapping table is immediately usable. | 3 / 3 |
| Workflow Clarity | Clear two-step workflow with a preferred/fallback pattern for the check step. Result presentation is branched by outcome (vulnerabilities found vs. clean). Error handling table covers key failure modes with specific actions. The workflow is simple enough that explicit validation loops aren't needed—this is a read-only check, not a destructive operation. | 3 / 3 |
| Progressive Disclosure | The skill keeps the main flow concise and delegates supplementary content to one-level-deep references (`references/install-commands.md`, `references/data-sources.md`). It also cross-references related skills (`/endor-fix`, `/endor-upgrade-impact`, `/endor-score`, `/endor-setup`) for next steps without inlining their content. | 3 / 3 |
| Total | | 12 / 12 Passed |
Validation
100%. Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
344e7ff