endor-demo

Demo Endor Labs capabilities using simulated data, no account required. Use when the user says "try endor", "demo", "endor without account", "show me what endor can do", or when MCP auth fails and user wants to see capabilities before signing up. Do NOT use when the user has a working Endor Labs account — use real scans instead.

Quality

80%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/endor-demo/SKILL.md

Quality

Content

70%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured demo workflow skill with clear sequencing and good use of a concrete output template. Its main weaknesses are the vague project detection step (no specific commands or code for reading manifests) and some marketing-flavored content that doesn't add instructional value. The guidelines section at the end is a strong addition for safety/boundary constraints.

Suggestions

Add concrete code or specific tool commands for step 2 (e.g., `ls *.json *.toml *.xml` or `find . -name 'package.json' -o -name 'go.mod'`) to make project detection actionable rather than abstract.

Trim the 'What Endor Labs Provides' numbered list — Claude doesn't need marketing copy to run a demo; instead, integrate those points as brief annotations in the vulnerability table or feature showcase.

Dimension	Reasoning	Score
Conciseness	Mostly efficient but includes some unnecessary explanation. The 'What Endor Labs Provides' section is somewhat marketing-oriented rather than instructional, and the 'When to Use' section partially restates what should already be in the frontmatter description. However, it's not egregiously verbose.	2 / 3
Actionability	Provides a clear template for simulated output and lists specific commands to showcase, but lacks executable code for detecting project info (step 2 is vague — 'Read current directory' without specifying how). The simulated scan template is concrete and copy-paste ready, but the detection step is abstract.	2 / 3
Workflow Clarity	The 5-step workflow is clearly sequenced and logical: welcome → detect → present results → showcase features → call to action. For a demo/presentation skill (non-destructive, no batch operations), this is appropriately structured with no need for validation checkpoints.	3 / 3
Progressive Disclosure	For a skill under 50 lines with no need for external references, the content is well-organized into clear sections. The inline markdown template is appropriate since it's the core deliverable of the skill, not reference material that should be split out.	3 / 3
	Total	10 / 12 Passed

Description

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a strong description with excellent trigger terms, clear completeness covering both what/when, and a helpful negative boundary ('Do NOT use when'). Its main weakness is that the specific capabilities being demoed are not enumerated — the description tells you it demos Endor Labs but not what specific actions or outputs the demo includes.

Suggestions

Add specific concrete actions that the demo performs, e.g., 'Simulates dependency scanning, vulnerability detection, and risk scoring using sample project data' to improve specificity.

Dimension	Reasoning	Score
Specificity	The description mentions 'Demo Endor Labs capabilities using simulated data' which names the domain and a general action (demo/simulate), but doesn't list specific concrete actions like 'scan dependencies, detect vulnerabilities, show risk scores'. The actual capabilities being demoed are not enumerated.	2 / 3
Completeness	Clearly answers both 'what' (demo Endor Labs capabilities using simulated data, no account required) and 'when' (explicit trigger phrases plus contextual triggers like auth failure). Also includes a helpful 'Do NOT use when' clause for disambiguation.	3 / 3
Trigger Term Quality	Excellent trigger term coverage with natural phrases users would say: 'try endor', 'demo', 'endor without account', 'show me what endor can do', plus the contextual trigger of MCP auth failure. These are highly natural and varied.	3 / 3
Distinctiveness Conflict Risk	Highly distinctive with very specific trigger terms tied to 'endor' and demo/trial scenarios. The explicit 'Do NOT use when' clause further reduces conflict risk with the real Endor Labs scanning skill. Clear niche as the demo/fallback mode.	3 / 3
	Total	11 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: endorlabs/skills-ideas
Commit: b958adc

Reviewed: about 1 month ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.