
endor-review

Pre-PR security review of your current branch or git diff. Use when the user says "review my changes", "ready to merge", "pre-PR check", "security review before PR", "endor review", or is about to create a pull request. Runs dependency checks, SAST, secrets detection, and license compliance as a security gate. Do NOT use for scanning repos outside the current branch (/endor-scan) or checking individual packages (/endor-check).

Score: 90

Quality: 88% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security by Snyk: Passed (No known issues)


Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that hits all the marks. It provides specific capabilities, abundant natural trigger terms, explicit 'Use when' and 'Do NOT use' clauses, and clear boundaries distinguishing it from related skills. The negative scope guidance is particularly effective for preventing skill conflicts.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Specificity | Lists multiple specific concrete actions: 'dependency checks, SAST, secrets detection, and license compliance as a security gate.' Also specifies the scope: 'current branch or git diff' and clarifies what it does NOT do. | 3 / 3 |
| Completeness | Clearly answers both 'what' (pre-PR security review running dependency checks, SAST, secrets detection, license compliance) and 'when' (explicit 'Use when...' clause with multiple trigger phrases). Also includes explicit 'Do NOT use' guidance for disambiguation. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms: 'review my changes', 'ready to merge', 'pre-PR check', 'security review before PR', 'endor review', 'about to create a pull request'. These are phrases users would naturally say. | 3 / 3 |
| Distinctiveness / Conflict Risk | Highly distinctive with explicit negative boundaries ('Do NOT use for scanning repos outside the current branch (/endor-scan) or checking individual packages (/endor-check)'), clearly carving out its niche from related skills. | 3 / 3 |
| Total | | 12 / 12 |

Status: Passed

Implementation

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured, actionable pre-PR security review skill with clear step sequencing, specific tool invocations, and explicit security gate criteria. Its main weakness is moderate verbosity—some conditional logic is repeated across steps and the inline output template is lengthy. The workflow is strong with good fallback paths and error handling.

Suggestions

Consider extracting the output report template to a separate reference file to reduce inline bulk and improve progressive disclosure.

Consolidate the 'if not covered by Step 1' conditional logic into a single decision point after Step 1 rather than repeating it in Steps 3, 4, and 5.

| Dimension | Reasoning | Score |
| --- | --- | --- |
| Conciseness | Generally efficient but has some redundancy: Steps 3-5 repeat 'if not covered by Step 1' conditions that could be consolidated, and some explanatory text like 'This only reports new findings introduced by the PR, not pre-existing issues' is somewhat unnecessary for Claude. The output template is detailed but justified given the structured reporting requirement. | 2 / 3 |
| Actionability | Provides specific MCP tool names with exact parameters (scan_types arrays, scan_options objects), concrete git commands, specific output markdown templates, and clear security gate criteria with exact conditions. The guidance is precise enough to execute without ambiguity. | 3 / 3 |
| Workflow Clarity | Clear 8-step sequence with explicit validation checkpoints (security gate criteria table), fallback paths (incremental scan → individual checks, _risks → _vulnerabilities), error handling table, and a clear verdict system (BLOCK/WARN/PASS) that serves as the validation gate before merge. | 3 / 3 |
| Progressive Disclosure | Content is mostly inline in a single file, which is reasonable for its length, but the output template takes significant space that could be referenced. There's one external reference to 'references/data-sources.md' that is well-signaled, but the skill is borderline monolithic with the full report template and all steps inline. | 2 / 3 |
| Total | | 10 / 12 |

Status: Passed

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: endorlabs/skills-ideas (Reviewed)
