endor-validate-policy
Validate an Endor Labs policy against a project to test if it matches any findings. Use when the user says "validate policy", "test policy", "does this policy match", "endor validate", "check policy against project", or wants to verify that a policy (finding or exception) correctly targets findings in a specific project before enforcing it. Do NOT use for creating policies (/endor-policy) or viewing findings (/endor-findings).
72
88%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is an excellent skill description that hits all the marks. It provides a clear, specific action statement, comprehensive trigger terms covering natural user language, explicit 'Use when' and 'Do NOT use' clauses, and strong differentiation from related skills. The negative boundary-setting is particularly effective for avoiding conflicts in a multi-skill environment.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | The description clearly states the concrete action: 'Validate an Endor Labs policy against a project to test if it matches any findings.' It specifies the domain (Endor Labs), the action (validate/test policy), and the target (findings in a specific project). It also explicitly distinguishes what it does NOT do. | 3 / 3 |
Completeness | Clearly answers both 'what' (validate an Endor Labs policy against a project to test if it matches findings) and 'when' (explicit 'Use when...' clause with multiple trigger phrases). Additionally includes a 'Do NOT use' clause that further clarifies scope boundaries. | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural trigger terms: 'validate policy', 'test policy', 'does this policy match', 'endor validate', 'check policy against project'. These are phrases users would naturally say when needing this functionality, covering multiple variations. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive with explicit boundary-setting via the 'Do NOT use for creating policies (/endor-policy) or viewing findings (/endor-findings)' clause. This directly addresses potential conflicts with related skills and carves out a clear niche for policy validation specifically. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
77%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This is a well-structured, highly actionable skill that provides clear executable commands for all policy validation scenarios. Its main weakness is some redundancy around SBOM-based project handling, which is mentioned in four separate places. The workflow is clear with good error recovery guidance, and the output templates give Claude concrete formatting to follow.
Suggestions
Consolidate SBOM-based project guidance into a single prominent callout rather than repeating it across the dedicated section, Step 1, Step 2 examples, error handling table, and no-match output.
Consider grouping the many command variants in Step 2 into a concise reference table (flags × scenarios) rather than listing each as a separate code block to reduce token usage.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill is mostly efficient but includes some redundancy — the SBOM-based project guidance is repeated across multiple sections (dedicated section, Step 1, Step 2 examples, error handling, and 'no match' output). Some command variants could be consolidated. However, it generally avoids explaining concepts Claude already knows. | 2 / 3 |
Actionability | Provides fully executable, copy-paste-ready bash commands for every scenario (UUID-based, file-based, SBOM, PR scan, Rego, etc.). Input parsing requirements are specific, output templates are concrete with markdown table formats, and error handling maps specific errors to specific actions. | 3 / 3 |
Workflow Clarity | Clear 3-step workflow (Resolve → Validate → Present) with explicit branching for SBOM-based projects. The 'no match' section includes diagnostic reasoning and next steps, serving as a feedback loop. The error handling table provides clear recovery actions for each failure mode. | 3 / 3 |
Progressive Disclosure | The skill references `references/data-sources.md` at the end and cross-references other skills (`/endor-findings`, `/endor-policy`, `/endor-scan`, `/endor-setup`, `/endor-api`), but no bundle files are provided to verify these exist. The content is somewhat long (~120 lines of substantive content) with many command variants inline that could potentially be organized into a reference file, but for a single-purpose skill this is acceptable. | 2 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- endorlabs/skills-ideas
- Commit
b958adc
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.