Remediate security vulnerabilities by finding safe upgrade paths. Use when the user says "fix this vulnerability", "how do I fix CVE-XXXX", "remediate this finding", "patch this vuln", "endor fix", or wants step-by-step fix instructions for a specific CVE, finding, or vulnerable package. Can apply fixes automatically. Do NOT use for general scanning (/endor-scan) or just viewing vulnerability info (/endor-explain).
94
92%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that covers all key dimensions well. It provides specific capabilities, abundant natural trigger terms, explicit 'Use when' and 'Do NOT use' clauses, and clearly distinguishes itself from related skills. The negative boundary guidance ('Do NOT use for...') is a particularly strong feature that reduces misselection risk.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists concrete actions: 'remediate security vulnerabilities', 'finding safe upgrade paths', 'apply fixes automatically', and 'step-by-step fix instructions for a specific CVE, finding, or vulnerable package'. These are specific, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (remediate security vulnerabilities by finding safe upgrade paths, apply fixes automatically) and 'when' (explicit 'Use when...' clause with multiple trigger phrases). Also includes a 'Do NOT use' clause to further clarify boundaries. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'fix this vulnerability', 'how do I fix CVE-XXXX', 'remediate this finding', 'patch this vuln', 'endor fix', plus mentions of CVE, finding, and vulnerable package. These are highly natural phrases. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with clear boundaries. Explicitly differentiates itself from scanning (/endor-scan) and viewing vulnerability info (/endor-explain), reducing conflict risk. The focus on remediation/fixing is a clear niche. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
85%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured remediation workflow skill with clear branching logic, good progressive disclosure to reference files and sub-skills, and efficient use of tokens. The main weakness is that actionability could be improved with concrete examples of actual API queries/filters rather than just describing what to query, and the output template, while helpful, uses only placeholders without a worked example.
Suggestions
Add a concrete example showing an actual API filter query for a Finding resource (e.g., the exact filter string for querying by CVE ID) to improve actionability.
Include one complete worked example showing the full workflow from a specific CVE input through to the final remediation output to make the skill more copy-paste actionable.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is lean and efficient. It avoids explaining what CVEs are, how package managers work, or other concepts Claude already knows. Every section serves a clear purpose with no padding. | 3 / 3 |
| Actionability | The workflow provides clear step-by-step guidance with specific tool references (MCP tools, skill references), but lacks concrete executable examples — the remediation template uses placeholders and the actual API queries/filters are not shown. Key details like how to construct the filter for Finding resources are missing. | 2 / 3 |
| Workflow Clarity | The multi-step workflow is clearly sequenced with explicit branching logic (if found → go to Step 2, if not → use alternative skill). Each step has clear decision points and fallback paths. The error handling table covers common failure modes with specific actions. | 3 / 3 |
| Progressive Disclosure | The skill provides a clear overview workflow while appropriately delegating details to referenced files (references/install-commands.md, references/data-sources.md, references/cli-parsing.md) and other skills (/endor-api, /endor-check, /endor-upgrade-impact). References are one level deep and clearly signaled. | 3 / 3 |
| Total | | 11 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
344e7ff