
endor-review

Pre-PR security review of your current branch or git diff. Use when the user says "review my changes", "ready to merge", "pre-PR check", "security review before PR", "endor review", or is about to create a pull request. Runs dependency checks, SAST, secrets detection, and license compliance as a security gate. Do NOT use for scanning repos outside the current branch (/endor-scan) or checking individual packages (/endor-check).

72

Quality: 88% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security (by Snyk): Passed, no known issues


Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that hits all the marks. It provides specific capabilities, abundant natural trigger terms, explicit 'Use when' and 'Do NOT use' clauses, and clear boundaries distinguishing it from related skills (/endor-scan, /endor-check). The negative scope guidance is particularly valuable for preventing skill conflicts in a multi-skill environment.

Dimension | Reasoning | Score

Specificity | Lists multiple specific concrete actions: 'dependency checks, SAST, secrets detection, and license compliance as a security gate.' Also specifies the scope: 'current branch or git diff.' | 3 / 3

Completeness | Clearly answers both 'what' (pre-PR security review running dependency checks, SAST, secrets detection, license compliance) and 'when' (explicit 'Use when...' clause with multiple trigger phrases). Also includes explicit 'Do NOT use' guidance for disambiguation. | 3 / 3

Trigger Term Quality | Excellent coverage of natural trigger terms: 'review my changes', 'ready to merge', 'pre-PR check', 'security review before PR', 'endor review', 'about to create a pull request'. These are phrases users would naturally say. | 3 / 3

Distinctiveness / Conflict Risk | Highly distinctive with explicit negative boundaries ('Do NOT use for scanning repos outside the current branch (/endor-scan) or checking individual packages (/endor-check)'), clearly carving out its niche from related skills. | 3 / 3

Total: 12 / 12 (Passed)

Implementation

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured, actionable skill that provides clear step-by-step guidance for pre-PR security reviews with specific MCP tool invocations and parameters. Its main strengths are the concrete workflow with fallback paths, explicit security gate criteria, and comprehensive error handling. Minor weaknesses include some verbosity in the output template section and the lack of bundle files to support referenced paths, though the content is generally well-organized.

Suggestions

Consider moving the detailed output template (Step 7) and security gate criteria table into a separate reference file to reduce the main skill's token footprint.

Verify that referenced paths like 'references/data-sources.md' exist in the bundle, or remove the reference if the file is not available.

Dimension | Reasoning | Score

Conciseness | The skill is mostly efficient and avoids explaining basic concepts, but some sections could be tightened. For example, the categorization instruction ('Categorize changed files into: dependency manifests, source code, config files, CI/CD files') and some fallback explanations add moderate verbosity. The output template in Step 7 is lengthy but arguably necessary for a structured report. | 2 / 3

Actionability | The skill provides concrete, executable guidance throughout: specific git commands, named MCP tools with exact parameters (path, scan_types, scan_options with pr_incremental), specific output table formats, and clear security gate criteria with specific vulnerability types. The remediation step includes actionable fix templates with specific commands. | 3 / 3

Workflow Clarity | The workflow is clearly sequenced with 8 numbered steps, explicit fallback paths (e.g., 'Fall back to individual checks below if incremental scan unavailable'), validation through security gate criteria with BLOCK/WARN/PASS verdicts, and error handling for partial failures. The feedback loop of identifying blocking issues and providing specific fixes before merge is well-defined. | 3 / 3

Progressive Disclosure | The skill references 'references/data-sources.md' and the '/endor-fix' and '/endor-setup' commands, showing some awareness of external resources. However, no bundle files are provided to support these references, and the skill is fairly long (~100 lines of substantive content) with the full output template and security gate criteria inline rather than in a reference file. The structure is reasonable but could benefit from splitting the output template and gate criteria into a reference. | 2 / 3

Total: 10 / 12 (Passed)

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: endorlabs/skills-ideas (Reviewed)
