skills-ideas

Analyze the impact of upgrading a dependency before you do it. Use when the user says "should I upgrade lodash", "what breaks if I update express", "upgrade impact", "endor upgrade", "breaking changes from upgrading", or wants to find the safest version that fixes vulnerabilities. Uses pre-computed Endor Labs data — no scanning required. Do NOT use for just checking vulnerabilities (/endor-check) or applying a fix (/endor-fix).

Troubleshoot Endor Labs scan errors and failures. Use when the user says "scan failed", "why did the scan fail", "endor troubleshoot", "fix scan error", "diagnose error", or pastes an error message from a failed scan. Matches errors against known patterns across NPM, Maven, PyPI, Go, Cargo, NuGet, RubyGems, and Packagist. Do NOT use for setup issues (/endor-setup) or general scanning (/endor-scan).

Manage Software Bill of Materials — export, import, analyze, and compare SBOMs in CycloneDX and SPDX formats. Use when the user says "generate SBOM", "export SBOM", "software bill of materials", "endor sbom", "compare SBOMs", "NTIA compliance", or needs component inventory for compliance. Do NOT use for vulnerability scanning (/endor-scan) or license analysis (/endor-license).