endor-demo
Demo Endor Labs capabilities using simulated data, no account required. Use when the user says "try endor", "demo", "endor without account", "show me what endor can do", or when MCP auth fails and user wants to see capabilities before signing up. Do NOT use when the user has a working Endor Labs account — use real scans instead.
67
80%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/endor-demo/SKILL.mdQuality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong description with excellent trigger terms, clear completeness covering both what/when, and a helpful negative boundary ('Do NOT use when'). Its main weakness is that the specific capabilities being demoed are not enumerated — the description tells you it demos Endor Labs but not what specific actions or outputs the demo includes.
Suggestions
Add specific concrete actions that the demo performs, e.g., 'Simulates dependency scanning, vulnerability detection, and risk scoring using sample project data' to improve specificity.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description mentions 'Demo Endor Labs capabilities using simulated data' which names the domain and a general action (demo/simulate), but doesn't list specific concrete actions like 'scan dependencies, detect vulnerabilities, show risk scores'. The actual capabilities being demoed are not enumerated. | 2 / 3 |
Completeness | Clearly answers both 'what' (demo Endor Labs capabilities using simulated data, no account required) and 'when' (explicit trigger phrases plus contextual triggers like auth failure). Also includes a helpful 'Do NOT use when' clause for disambiguation. | 3 / 3 |
Trigger Term Quality | Excellent trigger term coverage with natural phrases users would say: 'try endor', 'demo', 'endor without account', 'show me what endor can do', plus the contextual trigger of MCP auth failure. These are highly natural and varied. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with very specific trigger terms tied to 'endor' and demo/trial scenarios. The explicit 'Do NOT use when' clause further reduces conflict risk with the real Endor Labs scanning skill. Clear niche as the demo/fallback mode. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
70%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured demo workflow skill with clear sequencing and good use of a concrete output template. Its main weaknesses are the vague project detection step (no specific commands or code for reading manifests) and some marketing-flavored content that doesn't add instructional value. The guidelines section at the end is a strong addition for safety/boundary constraints.
Suggestions
Add concrete code or specific tool commands for step 2 (e.g., `ls *.json *.toml *.xml` or `find . -name 'package.json' -o -name 'go.mod'`) to make project detection actionable rather than abstract.
Trim the 'What Endor Labs Provides' numbered list — Claude doesn't need marketing copy to run a demo; instead, integrate those points as brief annotations in the vulnerability table or feature showcase.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Mostly efficient but includes some unnecessary explanation. The 'What Endor Labs Provides' section is somewhat marketing-oriented rather than instructional, and the 'When to Use' section partially restates what should already be in the frontmatter description. However, it's not egregiously verbose. | 2 / 3 |
Actionability | Provides a clear template for simulated output and lists specific commands to showcase, but lacks executable code for detecting project info (step 2 is vague — 'Read current directory' without specifying how). The simulated scan template is concrete and copy-paste ready, but the detection step is abstract. | 2 / 3 |
Workflow Clarity | The 5-step workflow is clearly sequenced and logical: welcome → detect → present results → showcase features → call to action. For a demo/presentation skill (non-destructive, no batch operations), this is appropriately structured with no need for validation checkpoints. | 3 / 3 |
Progressive Disclosure | For a skill under 50 lines with no need for external references, the content is well-organized into clear sections. The inline markdown template is appropriate since it's the core deliverable of the skill, not reference material that should be split out. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- endorlabs/skills-ideas
- Commit
b958adc
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.