
endor-fix

Remediate security vulnerabilities by finding safe upgrade paths. Use when the user says "fix this vulnerability", "how do I fix CVE-XXXX", "remediate this finding", "patch this vuln", "endor fix", or wants step-by-step fix instructions for a specific CVE, finding, or vulnerable package. Can apply fixes automatically. Do NOT use for general scanning (/endor-scan) or just viewing vulnerability info (/endor-explain).

72

Quality

88%

Does it follow best practices?

Impact

No eval scenarios have been run

Security by Snyk

Passed

No known issues

Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that clearly defines its purpose (remediating vulnerabilities via safe upgrade paths), provides abundant natural trigger terms, and explicitly delineates its boundaries from related skills. The inclusion of both 'Use when' and 'Do NOT use' clauses makes it highly effective for skill selection in a multi-skill environment.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists concrete actions: 'remediate security vulnerabilities', 'finding safe upgrade paths', 'apply fixes automatically', and 'step-by-step fix instructions for a specific CVE, finding, or vulnerable package'. Multiple specific capabilities are clearly stated. | 3 / 3 |
| Completeness | Clearly answers both 'what' (remediate security vulnerabilities by finding safe upgrade paths, apply fixes automatically) and 'when' (explicit 'Use when...' clause with multiple trigger phrases). Also includes a 'Do NOT use' clause that further clarifies scope boundaries. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'fix this vulnerability', 'how do I fix CVE-XXXX', 'remediate this finding', 'patch this vuln', 'endor fix', plus mentions of CVE, finding, and vulnerable package. These are highly natural phrases. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with clear boundaries. Explicitly differentiates itself from scanning (/endor-scan) and viewing vulnerability info (/endor-explain), which are likely sibling skills. The focus on remediation/fixing creates a clear niche. | 3 / 3 |
| Total | | 12 / 12 |

Passed

Implementation

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured remediation workflow skill with clear decision branching and good error handling. Its main weakness is the lack of concrete executable examples for API queries and MCP tool invocations, which would make it more immediately actionable. The progressive disclosure pattern is sound but cannot be fully validated without the referenced bundle files.

Suggestions

Add a concrete example of the `get_resource` MCP tool call with actual filter syntax, e.g., showing the exact parameters for querying a Finding by CVE ID

Include a complete worked example showing the full flow from CVE input to remediation output, so Claude can pattern-match on real data

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | The content is lean and efficient. It avoids explaining what CVEs are, how package managers work, or other concepts Claude already knows. Every section serves a clear purpose with no padding. | 3 / 3 |
| Actionability | The workflow provides clear decision trees and references to other skills/tools, but lacks concrete executable examples. The MCP tool usage is described but not shown with actual filter syntax or API call examples. The remediation template is helpful but the actual fix application steps are deferred to reference files. | 2 / 3 |
| Workflow Clarity | The 4-step workflow is clearly sequenced with explicit branching logic at each step (e.g., 'If found, go to Step 2', 'If unavailable, use /endor-check instead'). Error handling is presented in a clear table. The offer-to-apply step includes a validation checkpoint by asking the user before making changes. | 3 / 3 |
| Progressive Disclosure | The skill references three separate files (references/install-commands.md, references/data-sources.md, references/cli-parsing.md) which shows good intent for progressive disclosure, but no bundle files were provided to verify these exist. The references are one-level deep and clearly signaled, but the main content could benefit from a quick-start summary before the detailed workflow. | 2 / 3 |
| Total | | 10 / 12 |

Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository
endorlabs/skills-ideas
Reviewed
