Get detailed information about a specific CVE or security finding. Use when the user says "what is CVE-2024-XXXXX", "explain this vulnerability", "tell me about GHSA-...", "endor explain", "finding details", or wants to understand severity, impact, attack vectors, and affected versions for a specific issue. Do NOT use for fixing a vuln (/endor-fix) or listing all findings (/endor-findings).
90
88%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that covers all key dimensions well. It provides specific capabilities, rich natural trigger terms, explicit 'Use when' and 'Do NOT use' clauses, and clear boundaries against related skills. The inclusion of example user phrases and negative scope boundaries makes this particularly effective for skill selection.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: getting detailed information about a CVE, explaining vulnerabilities, understanding severity, impact, attack vectors, and affected versions. Also explicitly states what it does NOT do (fixing or listing). | 3 / 3 |
| Completeness | Clearly answers both 'what' (get detailed information about a specific CVE or security finding, understand severity/impact/attack vectors/affected versions) and 'when' (explicit 'Use when' clause with multiple trigger phrases). Also includes explicit negative boundaries with 'Do NOT use for' guidance. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'what is CVE-2024-XXXXX', 'explain this vulnerability', 'tell me about GHSA-...', 'endor explain', 'finding details'. These are realistic phrases users would naturally use. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with clear niche (single CVE/finding detail lookup) and explicit negative boundaries distinguishing it from related skills like /endor-fix and /endor-findings. The specific trigger terms like CVE identifiers and GHSA identifiers make it very unlikely to conflict. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
77%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured skill with strong actionability and clear multi-step workflows for two distinct input types. The specific tool names, parameters, and output templates give Claude precise guidance. The main weakness is that the detailed output templates add bulk that could be more concisely expressed or split into a reference file.
Suggestions
Consider condensing the output templates by showing one complete example and noting variations for the other case, rather than two full templates with placeholder fields.
Move the detailed markdown output templates to a separate reference file (e.g., references/output-formats.md) and keep only a brief summary of the expected output structure in the main skill.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is mostly efficient but includes some redundancy—the detailed markdown templates with placeholder fields are somewhat verbose, though they serve as concrete output format specifications. The skill doesn't over-explain concepts Claude knows. | 2 / 3 |
| Actionability | Provides specific tool names (get_endor_vulnerability, check_dependency_for_risks, get_resource), concrete parameters, exact output templates with field mappings, and clear next-step commands. Claude knows exactly what to call and how to present results. | 3 / 3 |
| Workflow Clarity | Both the CVE lookup and Finding UUID lookup workflows have clearly numbered steps with explicit sequencing. The error handling table provides recovery paths, and the output templates include verification steps (e.g., '/endor-check', '/endor-fix'). The preferred/fallback tool pattern in Step 2 is a good decision tree. | 3 / 3 |
| Progressive Disclosure | The skill references 'references/data-sources.md' for data source policy (one level deep, good), but the two large markdown output templates inline could arguably be split into a separate reference. The overall structure with sections for CVE vs Finding UUID is clear, but the inline templates make the file longer than necessary. | 2 / 3 |
| Total | | 10 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
344e7ff