Create and manage Endor Labs security policies for automated enforcement. Use when the user says "create a policy", "block critical vulns", "endor policy", "security gate", "enforcement rules", "exception policy", or wants to define rules for blocking PRs, requiring reviews, or enforcing security standards. Do NOT use for one-time PR review (/endor-review) or viewing findings (/endor-findings).
95
93%
Does it follow best practices?
Impact: Pending. No eval scenarios have been run.
Advisory: Suggest reviewing before use.
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that hits all the marks. It provides specific capabilities, comprehensive trigger terms users would naturally use, explicit 'Use when' and 'Do NOT use' clauses, and clear boundaries distinguishing it from related skills. The negative trigger guidance is particularly valuable for avoiding conflicts with adjacent Endor Labs skills.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple concrete actions: 'Create and manage security policies', 'blocking PRs', 'requiring reviews', 'enforcing security standards', 'automated enforcement'. These are specific, actionable capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (create and manage Endor Labs security policies for automated enforcement) and 'when' (explicit 'Use when' clause with multiple trigger phrases). Also includes a 'Do NOT use' clause to prevent misuse, which adds clarity. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms: 'create a policy', 'block critical vulns', 'endor policy', 'security gate', 'enforcement rules', 'exception policy'. These are phrases users would naturally say when needing this skill. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with explicit negative boundaries ('Do NOT use for one-time PR review or viewing findings') and domain-specific triggers like 'endor policy', 'security gate'. This clearly separates it from related skills like /endor-review and /endor-findings. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
87%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a strong, well-structured skill that provides concrete, executable commands for Endor Labs policy management. The confirmation requirement before policy changes is a good safety measure. The main weakness is the lack of an explicit validation checkpoint in the workflow after policy creation — given that policy changes are org-wide and potentially destructive (blocking all PRs), a verify step should be part of the core workflow rather than relegated to 'Next Steps'.
Suggestions
Add an explicit validation step in the workflow after policy creation, such as running /endor-validate-policy against a test project to confirm the filter matches expected findings before the policy takes effect org-wide.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is lean and well-structured. It uses tables for quick reference, provides only the necessary context, and doesn't explain concepts Claude already knows. Every section serves a clear purpose. | 3 / 3 |
| Actionability | Provides fully executable, copy-paste ready bash commands for listing, creating, and managing policies. The JSON payloads are complete with actual filter syntax, and templates cover common use cases concretely. | 3 / 3 |
| Workflow Clarity | The workflow covers list, create, and exception steps, and includes a confirmation requirement before destructive operations. However, there's no explicit validation/verification step after policy creation (e.g., verify the policy was created correctly, test it against existing findings before it blocks real PRs). The 'push a test commit' is in 'Next Steps' but not part of the core workflow as a checkpoint. | 2 / 3 |
| Progressive Disclosure | Content is well-organized with clear sections (types, templates, workflow, errors). References to related commands (/endor-cicd, /endor-setup, /endor-findings, /endor-validate-policy) and external files (references/data-sources.md) are one level deep and clearly signaled. | 3 / 3 |
| Total | | 11 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
344e7ff