endor

Main Endor Labs security router. Use when the user says "endor", "endor labs", or asks a general security question without specifying a particular endor command. Routes ambiguous requests like "check my security", "help with this dependency", or "what security tools are available" to the right specialized skill. Do NOT use when the user names a specific command like /endor-scan, /endor-check, /endor-fix, etc. — those skills handle themselves directly.

Quality

83%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Quality

Content

77%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a well-structured routing skill that efficiently maps user intents to specialized sub-skills. Its strengths are conciseness, clear tabular organization, and comprehensive coverage of edge cases (ambiguous requests, auth errors, first-time users). Its main weakness is limited actionability — as a router it necessarily delegates concrete actions, but it could benefit from a brief example interaction or a concrete MCP tool call example for the fallback scenario.

Suggestions

Add a concrete example of an MCP tool call or CLI fallback command (e.g., `npx -y endorctl --help`) to improve actionability in the MCP Fallback Policy section.

Clarify or expand the reference to `references/data-sources.md` — consider adding a brief note about what it contains and when to consult it.

Dimension	Reasoning	Score
Conciseness	The content is lean and efficient. It uses tables for routing and error handling, avoids explaining what Endor Labs is or how MCP works, and every section serves a clear purpose. No unnecessary padding or explanations of concepts Claude already knows.	3 / 3
Actionability	The routing table is concrete and actionable for intent detection, and error handling provides specific actions. However, there are no executable code examples or copy-paste commands — the skill is primarily a routing/decision guide rather than providing concrete executable steps. The MCP fallback section mentions `npx -y endorctl` but doesn't show usage examples.	2 / 3
Workflow Clarity	For a routing skill, the workflow is clear and well-sequenced: detect intent → route to skill, handle ambiguity → ask clarifying question, detect first-time user → suggest setup/demo, handle errors → specific actions per error type. The decision tree is unambiguous and covers edge cases like auth failures and ambiguous requests.	3 / 3
Progressive Disclosure	The skill references `references/data-sources.md` and routes to many sub-skills, which is good progressive disclosure in principle. However, no bundle files are provided to verify these references exist, and the single reference to `references/data-sources.md` is somewhat buried. The content itself is well-organized with clear sections but could better signal what additional resources are available.	2 / 3
	Total	10 / 12 Passed

Description

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-crafted router skill description that excels at completeness and distinctiveness. It clearly defines its role as an intermediary for ambiguous Endor Labs security requests, includes strong positive and negative trigger guidance, and explicitly differentiates itself from specialized command-specific skills. The only minor weakness is that the core capability (routing) is inherently less specific than action-oriented skills, but this is appropriate for a router's purpose.

Dimension	Reasoning	Score
Specificity	The description names the domain (Endor Labs security routing) and describes the action of routing ambiguous requests, but the concrete actions are limited to routing/dispatching rather than listing multiple specific capabilities. It does mention examples of what it routes ('check my security', 'help with this dependency') which adds some specificity.	2 / 3
Completeness	Clearly answers both 'what' (routes ambiguous Endor Labs security requests to specialized skills) and 'when' (explicit 'Use when' clause with trigger terms, plus a 'Do NOT use when' clause for exclusions). The inclusion of both positive and negative trigger guidance is thorough.	3 / 3
Trigger Term Quality	Excellent coverage of natural trigger terms: 'endor', 'endor labs', 'check my security', 'help with this dependency', 'what security tools are available'. It also includes negative triggers (when NOT to use it) like '/endor-scan', '/endor-check', '/endor-fix', which helps Claude distinguish routing scenarios.	3 / 3
Distinctiveness Conflict Risk	Highly distinctive — it explicitly carves out its niche as the general router for ambiguous Endor Labs requests and clearly delineates boundaries by listing specific commands that should NOT trigger this skill. This makes it very unlikely to conflict with the specialized Endor skills.	3 / 3
	Total	11 / 12 Passed

Validation

100%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 11 / 11 Passed

Validation for skill structure

No warnings or errors.

Repository: endorlabs/skills-ideas
Commit: b958adc

Reviewed: about 1 month ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.