Generate CI/CD pipeline configurations for Endor Labs security scanning. Supports GitHub Actions, GitLab CI, Jenkins, Azure DevOps, Bitbucket Pipelines, and CircleCI. Use when the user says "add security to my pipeline", "endor CI/CD", "GitHub Actions endor", "set up CI scanning", or wants automated security checks in their build pipeline. Do NOT use for running scans locally (/endor-scan) or managing policies (/endor-policy).
68
82%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Advisory
Suggest reviewing before use
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that hits all the marks. It specifies concrete capabilities with supported platforms, provides rich natural trigger terms, explicitly addresses both 'what' and 'when', and includes negative boundaries to prevent conflicts with related skills. The description is concise yet comprehensive.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'Generate CI/CD pipeline configurations for Endor Labs security scanning' and enumerates six supported platforms (GitHub Actions, GitLab CI, Jenkins, Azure DevOps, Bitbucket Pipelines, CircleCI). | 3 / 3 |
| Completeness | Clearly answers both 'what' (generate CI/CD pipeline configurations for Endor Labs security scanning across six platforms) and 'when' (explicit 'Use when...' clause with multiple trigger phrases). Also includes explicit 'Do NOT use' guidance for disambiguation. | 3 / 3 |
| Trigger Term Quality | Includes excellent natural trigger terms users would actually say: 'add security to my pipeline', 'endor CI/CD', 'GitHub Actions endor', 'set up CI scanning', 'automated security checks in their build pipeline'. These cover multiple natural phrasings. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with clear niche (Endor Labs CI/CD pipeline configs) and explicit negative boundaries ('Do NOT use for running scans locally (/endor-scan) or managing policies (/endor-policy)'), which actively prevents conflicts with related skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
64%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, concise skill that clearly outlines the workflow for generating CI/CD configurations across multiple platforms. Its main weaknesses are the lack of concrete code examples (no actual template snippets or detection logic shown) and missing validation checkpoints in the workflow. The referenced bundle files (cicd-templates.md, data-sources.md) are not provided, which limits the skill's completeness.
Suggestions
Include at least one concrete CI/CD template example (e.g., a minimal GitHub Actions workflow) inline so Claude has an executable reference even without the bundle files.
Add a validation checkpoint after Step 3, such as verifying YAML syntax of the generated config before writing it, and a feedback loop if the test commit in Step 4 fails.
Make Step 1 and Step 2 more actionable by specifying exact file paths to check (e.g., 'Check for .github/workflows/*.yml, .gitlab-ci.yml, Jenkinsfile') and exact manifest files per language (e.g., 'package.json → Node.js, pom.xml → Java').
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is lean and well-structured. It uses tables for compact reference, avoids explaining what CI/CD is or how platforms work, and every section serves a clear purpose. No unnecessary padding or explanations of concepts Claude already knows. | 3 / 3 |
| Actionability | The workflow steps are clear but lack concrete executable examples. There are no actual template snippets shown—Step 3 defers entirely to `references/cicd-templates.md`. The detection steps (languages, build commands) are described abstractly rather than with specific file checks or commands. | 2 / 3 |
| Workflow Clarity | The four-step workflow is clearly sequenced and the error handling table is helpful. However, there are no validation checkpoints—no step to verify the generated config is syntactically valid, no feedback loop if the test commit in Step 4 fails, and no explicit verification that secrets are correctly configured before pushing. | 2 / 3 |
| Progressive Disclosure | References to `references/cicd-templates.md` and `references/data-sources.md` are appropriately signaled and one level deep. However, no bundle files were provided, meaning these references point to non-existent files, undermining the progressive disclosure structure. The SKILL.md itself is well-organized as an overview. | 2 / 3 |
| Total | | 9 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
b958adc