Get detailed information about a specific CVE or security finding. Use when the user says "what is CVE-2024-XXXXX", "explain this vulnerability", "tell me about GHSA-...", "endor explain", "finding details", or wants to understand severity, impact, attack vectors, and affected versions for a specific issue. Do NOT use for fixing a vuln (/endor-fix) or listing all findings (/endor-findings).
72
88%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly defines its scope, provides rich natural trigger terms, and explicitly delineates boundaries with related skills. The inclusion of 'Do NOT use for' clauses is particularly effective for disambiguation. The description uses proper third-person voice and is concise yet comprehensive.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: get detailed information about a CVE, explain vulnerability, understand severity, impact, attack vectors, and affected versions. Also explicitly distinguishes what it does NOT do (fixing or listing). | 3 / 3 |
| Completeness | Clearly answers both 'what' (get detailed information about a specific CVE or security finding, including severity, impact, attack vectors, affected versions) and 'when' (explicit 'Use when' clause with multiple trigger phrases). Also includes explicit negative boundaries with 'Do NOT use for' guidance. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'what is CVE-2024-XXXXX', 'explain this vulnerability', 'tell me about GHSA-...', 'endor explain', 'finding details'. These are realistic phrases users would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with clear niche (specific CVE/finding details) and explicit negative boundaries distinguishing it from related skills (/endor-fix for fixing, /endor-findings for listing). The trigger terms like 'CVE-2024-XXXXX' and 'GHSA-...' are very specific. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
77%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured skill with clear multi-step workflows for two distinct input types (CVE and Finding UUID). The actionability is strong with specific tool names and detailed output templates. The main weakness is that the extensive output templates add bulk that could be more concisely expressed or moved to reference files, and some table fields (like CVSS vector components) explain concepts Claude already knows.
Suggestions
Consider condensing the output templates—Claude can infer table formatting from a brief description rather than needing full markdown templates with every placeholder spelled out.
Move the detailed output templates to a separate reference file (e.g., references/output-templates.md) to keep the main SKILL.md focused on workflow logic and tool usage.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The skill is reasonably efficient but includes some redundancy—the detailed markdown templates with placeholder variables are somewhat verbose, and the table structures for CVSS vector components explain things Claude already understands. However, most content serves a purpose as output formatting templates. | 2 / 3 |
| Actionability | The skill provides specific tool names (get_endor_vulnerability, check_dependency_for_risks, get_resource), concrete step sequences, exact output templates with field mappings, and clear error handling actions. Claude knows exactly what to call and how to present results. | 3 / 3 |
| Workflow Clarity | Both the CVE lookup and Finding UUID lookup workflows are clearly sequenced with numbered steps. The output templates serve as validation checkpoints ensuring all required fields are gathered. Error handling covers common failure modes with specific recovery actions. | 3 / 3 |
| Progressive Disclosure | The skill references 'references/data-sources.md' for data source policy, which is good, but the detailed markdown output templates could arguably be split into a separate reference file. The inline templates make the main skill longer than necessary, though the structure with clear section headers is reasonable. | 2 / 3 |
| Total | | 10 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
b958adc