endor-scan

Fast security scan of the current repository using Endor Labs. Use when the user says "scan my code", "quick scan", "endor scan", "scan this repo", "run a security scan", or wants a rapid overview of vulnerabilities, secrets, and SAST issues. Also handles incremental PR scans when user mentions "just my changes" or "PR scan". Do NOT use for deep reachability analysis (/endor-scan-full) or checking a single package (/endor-check).

Quality

89%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Quality

Content

79%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured, actionable skill that efficiently guides Claude through running Endor Labs security scans. Its strengths are concrete MCP tool parameters, clear decision logic for full vs. incremental scans, and a comprehensive error handling table. Minor weaknesses include the lack of explicit validation checkpoints between scan execution and result retrieval, and unverifiable file references due to missing bundle files.

Suggestions

Add an explicit validation checkpoint after Step 2 (e.g., 'Verify scan completed successfully before retrieving findings; if partial failure, note which scan types succeeded') to strengthen the workflow with a feedback loop.

Provide the referenced bundle files (references/reachability-tags.md, references/data-sources.md) or note their absence so the progressive disclosure structure is complete and verifiable.

Dimension	Reasoning	Score
Conciseness	The content is lean and efficient. It avoids explaining what security scanning is or how MCP tools work. Every section serves a purpose—language detection, scan commands, result presentation, error handling—without padding or unnecessary context.	3 / 3
Actionability	Provides specific MCP tool parameters (path, scan_types, scan_options), concrete CLI fallback commands, exact flags, and a clear priority ordering for presenting results. The error handling table maps specific errors to specific actions. Fully actionable.	3 / 3
Workflow Clarity	Steps are clearly sequenced (detect → scan → retrieve details → present), and the error handling table is excellent. However, there's no explicit validation checkpoint after the scan step—e.g., checking scan exit status or verifying results before proceeding to detail retrieval. The partial success handling is mentioned only in the error section rather than as an inline checkpoint.	2 / 3
Progressive Disclosure	References to `references/reachability-tags.md` and `references/data-sources.md` are well-signaled and one level deep. However, no bundle files were provided, so these references cannot be verified. The next steps section nicely points to related skills. The error handling table is inline but reasonably sized; it could arguably be split out for a cleaner overview.	2 / 3
	Total	10 / 12 Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that hits all the marks. It provides specific capabilities, abundant natural trigger terms, explicit 'Use when' and 'Do NOT use' clauses, and clear differentiation from related skills. The negative boundary guidance ('Do NOT use for...') is a particularly strong feature for disambiguation in a multi-skill environment.

Dimension	Reasoning	Score
Specificity	Lists multiple specific concrete actions: security scan, rapid overview of vulnerabilities, secrets, SAST issues, and incremental PR scans. Also explicitly distinguishes from related skills (deep reachability analysis, single package checks).	3 / 3
Completeness	Clearly answers both 'what' (fast security scan for vulnerabilities, secrets, SAST issues, incremental PR scans) and 'when' (explicit 'Use when' clause with multiple trigger phrases). Also includes explicit 'Do NOT use' guidance for disambiguation.	3 / 3
Trigger Term Quality	Excellent coverage of natural trigger terms users would say: 'scan my code', 'quick scan', 'endor scan', 'scan this repo', 'run a security scan', 'just my changes', 'PR scan'. These are highly natural phrases a user would actually type.	3 / 3
Distinctiveness Conflict Risk	Highly distinctive with clear boundaries. Explicitly differentiates itself from /endor-scan-full (deep reachability analysis) and /endor-check (single package), making it very unlikely to conflict with related skills.	3 / 3
	Total	12 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: endorlabs/skills-ideas
Commit: b958adc

Reviewed: about 1 month ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.