endor-findings

Display and filter security findings from Endor Labs. Use when the user says "show findings", "list vulnerabilities", "what did the scan find", "endor findings", "show me critical reachable vulns", or wants to browse/filter results after a scan. Supports filtering by severity, reachability, category (vuln/sast/secrets/license). Do NOT use for running a new scan (/endor-scan) or explaining a specific CVE (/endor-explain).

# Endor Labs Findings Viewer

Query and display security findings with filtering support.

## Filter Reference

Parse user input to build filters:

| User says | API filter |
|-----------|------------|
| critical | `spec.level==FINDING_LEVEL_CRITICAL` |
| high | `spec.level==FINDING_LEVEL_HIGH` |
| medium | `spec.level==FINDING_LEVEL_MEDIUM` |
| low | `spec.level==FINDING_LEVEL_LOW` |
| reachable | `spec.finding_tags contains FINDING_TAGS_REACHABLE_FUNCTION` |
| unreachable | `spec.finding_tags not contains FINDING_TAGS_REACHABLE_FUNCTION` |
| vulnerability, vuln | `spec.finding_categories contains FINDING_CATEGORY_VULNERABILITY` |
| sast | `spec.finding_categories contains FINDING_CATEGORY_SAST` |
| secrets, secret | `spec.finding_categories contains FINDING_CATEGORY_SECRETS` |
| license | `spec.finding_categories contains FINDING_CATEGORY_LICENSE_RISK` |
| no-test | `spec.finding_tags not contains FINDING_TAGS_TEST_DEPENDENCY` |

Combine multiple filters with `and`. Default (no user filters): critical + high, excluding test dependencies.

## Workflow

### Step 1: Query Findings

Option A — After a scan: the `scan` MCP tool returns finding UUIDs sorted by severity. Use `get_resource` (resource_type: Finding) for each UUID.

Option B — From platform: Run /endor-scan first, then retrieve findings via `get_resource`.

Option C — CLI fallback:

```bash
npx -y endorctl api list --resource Finding -n $ENDOR_NAMESPACE --filter "{filter_string}" 2>/dev/null
```

For CLI field paths and parsing gotchas, read `references/cli-parsing.md`.

### Step 2: Interpret Reachability

For reachability tag interpretation, read `references/reachability-tags.md`.

### Step 3: Present Results

```markdown
## Security Findings

**Filter:** {human-readable filter description}
**Total:** {count} findings

### Findings

| # | Severity | Category | Package | CVE/Issue | Reachability | Description |
|---|----------|----------|---------|-----------|--------------|-------------|
| 1 | Critical | Vuln | {pkg} | {cve} | Reachable | {desc} |

### Summary

- {n} Critical ({r} reachable function, {p} potentially reachable)
- {n} High ({r} reachable function, {p} potentially reachable)
- {n} Secrets / {n} SAST / {n} License risks

### Next Steps

1. `/endor-fix {top-cve}` — Fix top issue
2. `/endor-explain {cve}` — Explain a finding
3. `/endor-findings critical reachable` — Narrow results
```

Offer pagination if more results are available.

## Priority Order

1. Critical + Reachable Function
2. Critical + Potentially Reachable
3. High + Reachable Function
4. High + Potentially Reachable
5. Secrets/Credentials
6. Critical + Unreachable
7. SAST Critical/High
8. License issues
9. Medium/Low
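The two pieces of logic this skill describes in prose, translating user phrasing into an Endor Labs filter string (Filter Reference) and ordering results by the Priority Order above, as one added worked example. This is illustration code, not code from the endor-findings skill or from Endor Labs. It assumes findings are plain dicts shaped like the Finding fields the skill filters on (`spec.level`, `spec.finding_tags`, `spec.finding_categories`); the name of the "potentially reachable" tag is not given on this page, so a placeholder constant stands in for it; and, going slightly beyond the page's "combine with `and`" rule, several severity words in one request are grouped with `or` (otherwise "critical high" would match nothing, while the stated default is critical + high). The sample findings at the bottom are constructed, not real scan output.

```python
"""Build an Endor Labs finding filter from user phrasing and rank findings.

Added example (not the endor-findings skill's own code). Assumes dict-shaped
findings with spec.level, spec.finding_tags and spec.finding_categories.
"""
from __future__ import annotations

CRITICAL = "FINDING_LEVEL_CRITICAL"
HIGH = "FINDING_LEVEL_HIGH"
REACHABLE_TAG = "FINDING_TAGS_REACHABLE_FUNCTION"
TEST_DEP_TAG = "FINDING_TAGS_TEST_DEPENDENCY"
# Placeholder: the real tag name is documented in references/reachability-tags.md.
POTENTIALLY_REACHABLE_TAG = "<POTENTIALLY_REACHABLE_TAG>"

# Filter Reference table: user token -> API filter clause.
FILTER_TERMS: dict[str, str] = {
    "critical": f"spec.level=={CRITICAL}",
    "high": f"spec.level=={HIGH}",
    "medium": "spec.level==FINDING_LEVEL_MEDIUM",
    "low": "spec.level==FINDING_LEVEL_LOW",
    "reachable": f"spec.finding_tags contains {REACHABLE_TAG}",
    "unreachable": f"spec.finding_tags not contains {REACHABLE_TAG}",
    "vulnerability": "spec.finding_categories contains FINDING_CATEGORY_VULNERABILITY",
    "sast": "spec.finding_categories contains FINDING_CATEGORY_SAST",
    "secrets": "spec.finding_categories contains FINDING_CATEGORY_SECRETS",
    "license": "spec.finding_categories contains FINDING_CATEGORY_LICENSE_RISK",
    "no-test": f"spec.finding_tags not contains {TEST_DEP_TAG}",
}
FILTER_TERMS["vuln"] = FILTER_TERMS["vulnerability"]
FILTER_TERMS["secret"] = FILTER_TERMS["secrets"]

# Default when the user gives no filter: critical + high, excluding test dependencies.
DEFAULT_FILTER = (
    f"(spec.level=={CRITICAL} or spec.level=={HIGH})"
    f" and spec.finding_tags not contains {TEST_DEP_TAG}"
)


def build_filter(user_text: str) -> str:
    """Translate free-form user text ("show me critical reachable vulns") into a filter string."""
    clauses: list[str] = []
    for raw in user_text.lower().replace(",", " ").split():
        tok = raw if raw in FILTER_TERMS else raw.rstrip("s")  # "vulns" -> "vuln"
        clause = FILTER_TERMS.get(tok)
        if clause and clause not in clauses:
            clauses.append(clause)  # unknown words ("show", "me") are ignored
    if not clauses:
        return DEFAULT_FILTER
    # Assumption: several severity levels are alternatives, so they are or-grouped;
    # everything else is combined with "and" as the skill specifies.
    levels = [c for c in clauses if c.startswith("spec.level==")]
    others = [c for c in clauses if not c.startswith("spec.level==")]
    if len(levels) > 1:
        others.insert(0, "(" + " or ".join(levels) + ")")
    elif levels:
        others.insert(0, levels[0])
    return " and ".join(others)


def priority_rank(finding: dict) -> int:
    """Return the Priority Order bucket for a finding (1 = fix first, 9 = last)."""
    spec = finding["spec"]
    level = spec.get("level")
    tags = set(spec.get("finding_tags", []))
    cats = set(spec.get("finding_categories", []))
    reachable = REACHABLE_TAG in tags
    potential = POTENTIALLY_REACHABLE_TAG in tags
    if "FINDING_CATEGORY_SECRETS" in cats:
        return 5
    if "FINDING_CATEGORY_SAST" in cats:
        return 7 if level in (CRITICAL, HIGH) else 9
    if "FINDING_CATEGORY_LICENSE_RISK" in cats:
        return 8
    if "FINDING_CATEGORY_VULNERABILITY" in cats:
        if level == CRITICAL:
            return 1 if reachable else 2 if potential else 6
        if level == HIGH:
            return 3 if reachable else 4 if potential else 9
    # Anything the list does not name (medium/low, high + unreachable) goes last.
    return 9


def rank_findings(findings: list[dict]) -> list[dict]:
    """Stable sort: same-bucket findings keep the severity order the scan returned."""
    return sorted(findings, key=priority_rank)


# Constructed sample findings (not real scan output).
SAMPLE_FINDINGS = [
    {"uuid": "f-1", "spec": {"level": HIGH, "finding_tags": [REACHABLE_TAG], "finding_categories": ["FINDING_CATEGORY_VULNERABILITY"]}},
    {"uuid": "f-2", "spec": {"level": CRITICAL, "finding_tags": [], "finding_categories": ["FINDING_CATEGORY_VULNERABILITY"]}},
    {"uuid": "f-3", "spec": {"level": HIGH, "finding_tags": [], "finding_categories": ["FINDING_CATEGORY_SECRETS"]}},
    {"uuid": "f-4", "spec": {"level": CRITICAL, "finding_tags": [REACHABLE_TAG], "finding_categories": ["FINDING_CATEGORY_VULNERABILITY"]}},
    {"uuid": "f-5", "spec": {"level": "FINDING_LEVEL_LOW", "finding_tags": [], "finding_categories": ["FINDING_CATEGORY_LICENSE_RISK"]}},
]

if __name__ == "__main__":
    print(build_filter("show me critical reachable vulns"))
    print([f["uuid"] for f in rank_findings(SAMPLE_FINDINGS)])
```

Filler words fall out of `build_filter` because only table tokens map to clauses, so the skill's trigger phrases reduce to their filter words; ranking is a stable sort, so within one bucket the severity order returned by the scan tool is preserved.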

For data source policy, read `references/data-sources.md`.

## Error Handling

| Error | Action |
|-------|--------|
| No findings | No scan run yet — suggest /endor-scan |
| Auth error | Suggest /endor-setup |
| Filter syntax error | Show correct filter format |
Repository: endorlabs/skills-ideas