endor-review

Pre-PR security review of your current branch or git diff. Use when the user says "review my changes", "ready to merge", "pre-PR check", "security review before PR", "endor review", or is about to create a pull request. Runs dependency checks, SAST, secrets detection, and license compliance as a security gate. Do NOT use for scanning repos outside the current branch (/endor-scan) or checking individual packages (/endor-check).

Quality

88%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured, actionable skill that provides clear step-by-step guidance for pre-PR security reviews with specific MCP tool invocations and parameters. Its main strengths are the concrete workflow with fallback paths, explicit security gate criteria, and comprehensive error handling. Minor weaknesses include some verbosity in the output template section and the lack of bundle files to support referenced paths, though the content is generally well-organized.

Suggestions

Consider moving the detailed output template (Step 7) and security gate criteria table into a separate reference file to reduce the main skill's token footprint.

Verify that referenced paths like 'references/data-sources.md' exist in the bundle, or remove the reference if the file is not available.

Dimension	Reasoning	Score
Conciseness	The skill is mostly efficient and avoids explaining basic concepts, but some sections could be tightened. For example, the categorization instruction ('Categorize changed files into: dependency manifests, source code, config files, CI/CD files') and some fallback explanations add moderate verbosity. The output template in Step 7 is lengthy but arguably necessary for a structured report.	2 / 3
Actionability	The skill provides concrete, executable guidance throughout: specific git commands, named MCP tools with exact parameters (path, scan_types, scan_options with pr_incremental), specific output table formats, and clear security gate criteria with specific vulnerability types. The remediation step includes actionable fix templates with specific commands.	3 / 3
Workflow Clarity	The workflow is clearly sequenced with 8 numbered steps, explicit fallback paths (e.g., 'Fall back to individual checks below if incremental scan unavailable'), validation through security gate criteria with BLOCK/WARN/PASS verdicts, and error handling for partial failures. The feedback loop of identifying blocking issues and providing specific fixes before merge is well-defined.	3 / 3
Progressive Disclosure	The skill references 'references/data-sources.md' and the '/endor-fix' and '/endor-setup' commands, showing some awareness of external resources. However, no bundle files are provided to support these references, and the skill is fairly long (~100 lines of substantive content) with the full output template and security gate criteria inline rather than in a reference file. The structure is reasonable but could benefit from splitting the output template and gate criteria into a reference.	2 / 3
	Total	10 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that hits all the marks. It provides specific capabilities, abundant natural trigger terms, explicit 'Use when' and 'Do NOT use' clauses, and clear boundaries distinguishing it from related skills (/endor-scan, /endor-check). The negative scope guidance is particularly valuable for preventing skill conflicts in a multi-skill environment.

Dimension	Reasoning	Score
Specificity	Lists multiple specific concrete actions: 'dependency checks, SAST, secrets detection, and license compliance as a security gate.' Also specifies the scope: 'current branch or git diff.'	3 / 3
Completeness	Clearly answers both 'what' (pre-PR security review running dependency checks, SAST, secrets detection, license compliance) and 'when' (explicit 'Use when...' clause with multiple trigger phrases). Also includes explicit 'Do NOT use' guidance for disambiguation.	3 / 3
Trigger Term Quality	Excellent coverage of natural trigger terms: 'review my changes', 'ready to merge', 'pre-PR check', 'security review before PR', 'endor review', 'about to create a pull request'. These are phrases users would naturally say.	3 / 3
Distinctiveness Conflict Risk	Highly distinctive with explicit negative boundaries ('Do NOT use for scanning repos outside the current branch (/endor-scan) or checking individual packages (/endor-check)'), clearly carving out its niche from related skills.	3 / 3
	Total	12 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: endorlabs/skills-ideas
Commit: b958adc

Reviewed: about 1 month ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.