Comprehensive security scan with full reachability analysis. Builds call graphs to determine which vulnerabilities are actually exploitable in your code. Use when the user says "full scan", "deep scan", "reachability scan", "which vulns are actually reachable", "endor scan full", or before a release. Takes 2-5 minutes. Do NOT use for quick daily scans (/endor-scan) or checking individual packages (/endor-check).
94
92%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that hits all the marks. It provides specific concrete actions (call graph building, reachability analysis), comprehensive trigger terms users would naturally use, explicit 'Use when' and 'Do NOT use' clauses, and clear differentiation from related skills. The inclusion of expected duration (2-5 minutes) and negative boundaries further strengthens its utility for skill selection.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: 'security scan', 'full reachability analysis', 'builds call graphs', 'determine which vulnerabilities are actually exploitable'. These are concrete, well-defined capabilities. | 3 / 3 |
| Completeness | Clearly answers both 'what' (comprehensive security scan with reachability analysis, builds call graphs to find exploitable vulnerabilities) and 'when' (explicit 'Use when' clause with multiple trigger phrases). Also includes helpful negative guidance ('Do NOT use for...'). | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms: 'full scan', 'deep scan', 'reachability scan', 'which vulns are actually reachable', 'endor scan full', 'before a release'. These are phrases users would naturally say. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with explicit differentiation from related skills (/endor-scan for quick daily scans, /endor-check for individual packages). The negative guidance creates clear boundaries, making it very unlikely to conflict with similar security scanning skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
85%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured skill with strong actionability and workflow clarity. The multi-step process is clearly sequenced with cache validation, error handling, and explicit tool parameters. Minor verbosity in the introductory comparison table and warning text could be trimmed, but overall the content is efficient and well-organized with appropriate progressive disclosure to reference files.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | Generally efficient but includes some unnecessary elements like the duration warning text (Claude doesn't need to be told to warn users in a quoted block) and the comparison table at the top which is more informational than instructional. The cache format JSON and priority classification tables earn their place though. | 2 / 3 |
| Actionability | Provides concrete MCP tool parameters (path, scan_types, scan_options), a complete CLI fallback command, specific cache file paths, exact JSON cache format, and clear priority classification rules. The workflow steps are specific and executable. | 3 / 3 |
| Workflow Clarity | Clear 5-step sequence with explicit validation checkpoints: check cache before scanning, warn about duration, handle errors without writing cache, fetch details after successful scan, and a well-structured error handling table with specific recovery actions. The cache-first pattern is a good feedback loop. | 3 / 3 |
| Progressive Disclosure | Appropriately references external files (references/reachability-tags.md, references/data-sources.md) for detailed content, keeps the main skill focused on the workflow, and uses clear section headers for navigation. References are one level deep and well-signaled. | 3 / 3 |
| Total | | 11 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
344e7ff