Remediate security vulnerabilities by finding safe upgrade paths. Use when the user says "fix this vulnerability", "how do I fix CVE-XXXX", "remediate this finding", "patch this vuln", "endor fix", or wants step-by-step fix instructions for a specific CVE, finding, or vulnerable package. Can apply fixes automatically. Do NOT use for general scanning (/endor-scan) or just viewing vulnerability info (/endor-explain).
72
88%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that clearly defines its purpose (remediating vulnerabilities via safe upgrade paths), provides abundant natural trigger terms, and explicitly delineates its boundaries from related skills. The inclusion of both 'Use when' and 'Do NOT use' clauses makes it highly effective for skill selection in a multi-skill environment.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists concrete actions: 'remediate security vulnerabilities', 'finding safe upgrade paths', 'apply fixes automatically', and 'step-by-step fix instructions for a specific CVE, finding, or vulnerable package'. Multiple specific capabilities are clearly stated. | 3 / 3 |
| Completeness | Clearly answers both 'what' (remediate security vulnerabilities by finding safe upgrade paths, apply fixes automatically) and 'when' (explicit 'Use when...' clause with multiple trigger phrases). Also includes a 'Do NOT use' clause that further clarifies scope boundaries. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'fix this vulnerability', 'how do I fix CVE-XXXX', 'remediate this finding', 'patch this vuln', 'endor fix', plus mentions of CVE, finding, and vulnerable package. These are highly natural phrases. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with clear boundaries. Explicitly differentiates itself from scanning (/endor-scan) and viewing vulnerability info (/endor-explain), which are likely sibling skills. The focus on remediation/fixing creates a clear niche. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
77%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured remediation workflow skill with clear decision branching and good error handling. Its main weakness is the lack of concrete executable examples for API queries and MCP tool invocations, which would make it more immediately actionable. The progressive disclosure pattern is sound but cannot be fully validated without the referenced bundle files.
Suggestions
Add a concrete example of the `get_resource` MCP tool call with actual filter syntax, e.g., showing the exact parameters for querying a Finding by CVE ID
Include a complete worked example showing the full flow from CVE input to remediation output, so Claude can pattern-match on real data
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is lean and efficient. It avoids explaining what CVEs are, how package managers work, or other concepts Claude already knows. Every section serves a clear purpose with no padding. | 3 / 3 |
| Actionability | The workflow provides clear decision trees and references to other skills/tools, but lacks concrete executable examples. The MCP tool usage is described but not shown with actual filter syntax or API call examples. The remediation template is helpful but the actual fix application steps are deferred to reference files. | 2 / 3 |
| Workflow Clarity | The 4-step workflow is clearly sequenced with explicit branching logic at each step (e.g., 'If found, go to Step 2', 'If unavailable, use /endor-check instead'). Error handling is presented in a clear table. The offer-to-apply step includes a validation checkpoint by asking the user before making changes. | 3 / 3 |
| Progressive Disclosure | The skill references three separate files (references/install-commands.md, references/data-sources.md, references/cli-parsing.md) which shows good intent for progressive disclosure, but no bundle files were provided to verify these exist. The references are one-level deep and clearly signaled, but the main content could benefit from a quick-start summary before the detailed workflow. | 2 / 3 |
| Total | | 10 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
b958adc