Fast security scan of the current repository using Endor Labs. Use when the user says "scan my code", "quick scan", "endor scan", "scan this repo", "run a security scan", or wants a rapid overview of vulnerabilities, secrets, and SAST issues. Also handles incremental PR scans when user mentions "just my changes" or "PR scan". Do NOT use for deep reachability analysis (/endor-scan-full) or checking a single package (/endor-check).
100%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%
Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that hits all the marks. It provides specific capabilities, abundant natural trigger terms, explicit 'Use when' and 'Do NOT use' clauses, and clear differentiation from related skills. The negative boundary guidance is particularly effective for preventing skill conflicts in a multi-skill environment.
| Dimension | Reasoning | Score |
|---|---|---|
| Specificity | Lists multiple specific concrete actions: security scan, rapid overview of vulnerabilities, secrets, SAST issues, and incremental PR scans. Also explicitly distinguishes from related skills (deep reachability analysis, single package checks). | 3 / 3 |
| Completeness | Clearly answers both 'what' (fast security scan for vulnerabilities, secrets, SAST issues, incremental PR scans) and 'when' (explicit 'Use when' clause with multiple trigger phrases). Also includes 'Do NOT use' guidance for disambiguation. | 3 / 3 |
| Trigger Term Quality | Excellent coverage of natural trigger terms users would say: 'scan my code', 'quick scan', 'endor scan', 'scan this repo', 'run a security scan', 'just my changes', 'PR scan'. These are highly natural phrases a user would actually type. | 3 / 3 |
| Distinctiveness Conflict Risk | Highly distinctive with explicit boundary-setting via 'Do NOT use for deep reachability analysis (/endor-scan-full) or checking a single package (/endor-check)', clearly carving out its niche relative to sibling skills. | 3 / 3 |
| Total | | 12 / 12 Passed |
Implementation
100%
Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-crafted skill that efficiently guides Claude through a security scanning workflow. It excels at providing concrete, executable guidance with proper MCP tool parameters and CLI fallbacks, while maintaining excellent structure with clear step sequencing, error handling, and progressive disclosure to related resources. The content is appropriately concise, avoiding unnecessary explanations while covering all necessary decision points and edge cases.
| Dimension | Reasoning | Score |
|---|---|---|
| Conciseness | The content is lean and efficient. It avoids explaining what security scanning is or how MCP tools work. Every section delivers actionable information without padding. Language detection is presented as a compact list rather than verbose explanation. | 3 / 3 |
| Actionability | Provides concrete MCP tool parameters (path, scan_types, scan_options with exact JSON), executable CLI fallback commands, specific flags, and clear decision criteria for choosing between full and incremental scans. The output format is specified with exact table structures and priority ordering. | 3 / 3 |
| Workflow Clarity | Clear 4-step sequence from detection through presentation. Includes explicit handling of partial failures (present available results, note failures), error recovery table with specific actions per error type, and decision points for scan mode selection. The feedback loop for auth errors is explicit. | 3 / 3 |
| Progressive Disclosure | Well-structured overview with clear one-level-deep references to references/reachability-tags.md and references/data-sources.md. Next steps section cleanly points to related skills (/endor-fix, /endor-scan-full, /endor-check, /endor-explain) without inlining their content. Content is appropriately split across sections. | 3 / 3 |
| Total | | 12 / 12 Passed |
Validation
100%
Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
344e7ff