Tessl • The package manager for agent skills

endor-cicd

Generate CI/CD pipeline configurations for Endor Labs security scanning. Supports GitHub Actions, GitLab CI, Jenkins, Azure DevOps, Bitbucket Pipelines, and CircleCI. Use when the user says "add security to my pipeline", "endor CI/CD", "GitHub Actions endor", "set up CI scanning", or wants automated security checks in their build pipeline. Do NOT use for running scans locally (/endor-scan) or managing policies (/endor-policy).

Quality

82%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Advisory

Suggest reviewing before use

Quality

Content

64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured, concise skill that clearly outlines the workflow for generating CI/CD configurations across multiple platforms. Its main weaknesses are the lack of concrete code examples (no actual template snippets or detection logic shown) and missing validation checkpoints in the workflow. The referenced bundle files (cicd-templates.md, data-sources.md) are not provided, which limits the skill's completeness.

Suggestions

Include at least one concrete CI/CD template example (e.g., a minimal GitHub Actions workflow) inline so Claude has an executable reference even without the bundle files.

Add a validation checkpoint after Step 3, such as verifying YAML syntax of the generated config before writing it, and a feedback loop if the test commit in Step 4 fails.

Make Step 1 and Step 2 more actionable by specifying exact file paths to check (e.g., 'Check for .github/workflows/*.yml, .gitlab-ci.yml, Jenkinsfile') and exact manifest files per language (e.g., 'package.json → Node.js, pom.xml → Java').

Dimension	Reasoning	Score
Conciseness	The content is lean and well-structured. It uses tables for compact reference, avoids explaining what CI/CD is or how platforms work, and every section serves a clear purpose. No unnecessary padding or explanations of concepts Claude already knows.	3 / 3
Actionability	The workflow steps are clear but lack concrete executable examples. There are no actual template snippets shown—Step 3 defers entirely to `references/cicd-templates.md`. The detection steps (languages, build commands) are described abstractly rather than with specific file checks or commands.	2 / 3
Workflow Clarity	The four-step workflow is clearly sequenced and the error handling table is helpful. However, there are no validation checkpoints—no step to verify the generated config is syntactically valid, no feedback loop if the test commit in Step 4 fails, and no explicit verification that secrets are correctly configured before pushing.	2 / 3
Progressive Disclosure	References to `references/cicd-templates.md` and `references/data-sources.md` are appropriately signaled and one level deep. However, no bundle files were provided, meaning these references point to non-existent files, undermining the progressive disclosure structure. The SKILL.md itself is well-organized as an overview.	2 / 3
	Total	9 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that hits all the marks. It specifies concrete capabilities with supported platforms, provides rich natural trigger terms, explicitly addresses both 'what' and 'when', and includes negative boundaries to prevent conflicts with related skills. The description is concise yet comprehensive.

Dimension	Reasoning	Score
Specificity	Lists multiple specific concrete actions: 'Generate CI/CD pipeline configurations for Endor Labs security scanning' and enumerates six supported platforms (GitHub Actions, GitLab CI, Jenkins, Azure DevOps, Bitbucket Pipelines, CircleCI).	3 / 3
Completeness	Clearly answers both 'what' (generate CI/CD pipeline configurations for Endor Labs security scanning across six platforms) and 'when' (explicit 'Use when...' clause with multiple trigger phrases). Also includes explicit 'Do NOT use' guidance for disambiguation.	3 / 3
Trigger Term Quality	Includes excellent natural trigger terms users would actually say: 'add security to my pipeline', 'endor CI/CD', 'GitHub Actions endor', 'set up CI scanning', 'automated security checks in their build pipeline'. These cover multiple natural phrasings.	3 / 3
Distinctiveness Conflict Risk	Highly distinctive with clear niche (Endor Labs CI/CD pipeline configs) and explicit negative boundaries ('Do NOT use for running scans locally (/endor-scan) or managing policies (/endor-policy)'), which actively prevents conflicts with related skills.	3 / 3
	Total	12 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: endorlabs/skills-ideas
Commit: b958adc

Reviewed: about 1 month ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.