endorlabs
59 verified skills295 total stars
endor-setup
Use when user asks to setup endorctl, install endorctl, run endorctl scan, scan for vulnerabilities, run endor scan or run Endor Labs scan or when any endorctl command fails with 'command not found', 'no such file or directory', authentication errors, 'unauthorized', '403', 'tenant not found', EOF error, or namespace/access errors.
data-ai5
findings-browser
Use this agent when the user wants to browse, filter, summarize, or inspect existing Endor Labs findings. Findings Browser uses read-only Endor evidence to list matching findings, explain applied filters, surface pagination and truncation limits, and identify data gaps without starting new scans or performing remediation actions.
data-ai5
findings-browser
Use this agent when the user wants to browse, filter, summarize, or inspect existing Endor Labs findings. Findings Browser uses read-only Endor evidence to list matching findings, explain applied filters, surface pagination and truncation limits, and identify data gaps without starting new scans or performing remediation actions.
data-ai5
findings-browser
Use this agent when the user wants to browse, filter, summarize, or inspect existing Endor Labs findings. Findings Browser uses read-only Endor evidence to list matching findings, explain applied filters, surface pagination and truncation limits, and identify data gaps without starting new scans or performing remediation actions.
data-ai5
malware-response
Use this agent when a customer needs rapid read-only response to a software supply-chain malware incident. It gathers or ingests current malware intelligence, normalizes affected package and version evidence, and correlates that evidence against Endor Labs tenant package inventory across a namespace and child namespaces. It reports confirmed exposure, possible exposure, unaffected scope, indicators of compromise, remediation guidance, and future action contracts without mutating Endor Labs or source systems.
development5
sca-remediation
Plan and remediate dependency vulnerabilities with Endor SCA findings, VersionUpgrade/UIA evidence, separate low-risk PR lanes, deterministic risk decisions, local validation, and approved PR/MR creation.
testing5
package-risk-summary
Use this agent when the user wants a concise risk profile for a specific package version without asking for a yes/no dependency decision. Examples: "Summarize npm lodash 4.17.20 risk", "Give me the risk picture for log4j-core 2.14.1", "What should I know about this package version before I review it?" Returns an evidence-backed package risk summary with vulnerabilities, malware or typosquat signals, package scores, license notes, recommended next checks, and any data gaps.
testing5
endor-agent-kit-setup
Use when setting up Endor Labs Agent Kit for Antigravity CLI, checking readiness, verifying Endor auth, choosing namespaces, or diagnosing missing endorctl, gh, Antigravity CLI, Endor MCP, or workflow prerequisites.
tools5
probe-droid
Use this agent when the user wants to assess GitHub repository onboarding gaps for Endor Labs monitored-branch coverage. Probe Droid compares github.com organization or repository inventory with Endor project, GitHub App, package, scan, scan profile, package manager integration, dependency resolution, and reachability evidence, then returns human-readable setup actions without mutating source, GitHub, or Endor state.
data-ai5
endor-agent-kit-setup
Use when setting up Endor Labs Agent Kit for Claude Code, checking readiness, verifying Endor auth, choosing namespaces, or diagnosing missing endorctl, gh, Endor MCP, or workflow prerequisites.
tools5
endor-agent-kit-setup
Use when setting up Endor Labs Agent Kit for Claude Code, checking readiness, verifying Endor auth, choosing namespaces, or diagnosing missing endorctl, gh, Endor MCP, or workflow prerequisites.
tools5
dependency-decision-helper
Use this agent when the user asks whether to add, upgrade, or use a specific package version. Examples: "Is lodash 4.17.20 safe?", "Should I use requests 2.28.0?", "Check log4j-core 2.14.1 before I add it." Returns a dependency verdict with evidence, conditions, alternatives, and any data gaps.
tools5
findings-browser
Use this agent when the user wants to browse, filter, summarize, or inspect existing Endor Labs findings. Findings Browser uses read-only Endor evidence to list matching findings, explain applied filters, surface pagination and truncation limits, and identify data gaps without starting new scans or performing remediation actions.
data-ai5
malware-response
Use this agent when a customer needs rapid read-only response to a software supply-chain malware incident. It gathers or ingests current malware intelligence, normalizes affected package and version evidence, and correlates that evidence against Endor Labs tenant package inventory across a namespace and child namespaces. It reports confirmed exposure, possible exposure, unaffected scope, indicators of compromise, remediation guidance, and future action contracts without mutating Endor Labs or source systems.
development5
sca-remediation
Plan and remediate dependency vulnerabilities with Endor SCA findings, VersionUpgrade/UIA evidence, separate low-risk PR lanes, deterministic risk decisions, local validation, and approved PR/MR creation.
testing5
endor-agent-kit-setup
Use when setting up Endor Labs Agent Kit for Codex, checking readiness, installing or updating bundled Codex custom agents, verifying Endor auth, or diagnosing missing endorctl, gh, namespace, or toolchain prerequisites.
tools5
probe-droid
Use this agent when the user wants to assess GitHub repository onboarding gaps for Endor Labs monitored-branch coverage. Probe Droid compares github.com organization or repository inventory with Endor project, GitHub App, package, scan, scan profile, package manager integration, dependency resolution, and reachability evidence, then returns human-readable setup actions without mutating source, GitHub, or Endor state.
data-ai5
sca-remediation
Plan and remediate dependency vulnerabilities with Endor SCA findings, VersionUpgrade/UIA evidence, separate low-risk PR lanes, deterministic risk decisions, local validation, and approved PR/MR creation.
testing5
endor-troubleshooter
Use this agent when the user needs help diagnosing and fixing Endor Labs errors, warnings, missing integrations, scan failures, slow scans, or unhealthy configuration. Endor Troubleshooter gathers the smallest useful read-only Endor evidence, classifies the issue across scan, integration, authentication, dependency resolution, container, reachability, policy, and workflow lanes, then returns low-friction repair guidance without mutating Endor, source-provider, or repository state.
data-ai5
endor-agent-kit-setup
Use when setting up Endor Labs Agent Kit for Gemini CLI, checking readiness, verifying Endor auth, choosing namespaces, or diagnosing missing endorctl, gh, Gemini CLI, Endor MCP, or workflow prerequisites.
tools5
vulnerability-explainer
Use this agent when the user asks what a specific vulnerability means and how to reason about it. Examples: "Explain CVE-2021-44228", "What does CVE-2021-45046 mean for log4j-core?", "Summarize this Endor vulnerability and tell me what to do next." Returns a concise vulnerability explanation with severity, exploitability, affected context, remediation guidance, and any data gaps.
testing5
upgrade-impact-analysis
Use this agent when the user asks for Endor Labs Upgrade Impact Analysis: safe upgrade paths, upgrade risk, findings fixed or introduced, Code Impact Analysis, breaking changes, manifest targeting, or whether a dependency upgrade should happen now. The artifact queries Endor's read-only VersionUpgrade workflow through documented Endor API or endorctl paths.
development5
probe-droid
Use this agent when the user wants to assess GitHub repository onboarding gaps for Endor Labs monitored-branch coverage. Probe Droid compares github.com organization or repository inventory with Endor project, GitHub App, package, scan, scan profile, package manager integration, dependency resolution, and reachability evidence, then returns human-readable setup actions without mutating source, GitHub, or Endor state.
data-ai5
repository-dependency-reviewer
Use this agent inside a source repository when the user wants a read-only dependency risk review based on local manifests. It inspects dependency files, resolves exact package coordinates when possible, checks those coordinates with Endor MCP tools, and reports risky dependencies, unresolved versions, recommended next checks, and data gaps.
tools5
probe-droid
Use this agent when the user wants to assess GitHub repository onboarding gaps for Endor Labs monitored-branch coverage. Probe Droid compares github.com organization or repository inventory with Endor project, GitHub App, package, scan, scan profile, package manager integration, dependency resolution, and reachability evidence, then returns human-readable setup actions without mutating source, GitHub, or Endor state.
data-ai5
sca-remediation
Plan and remediate dependency vulnerabilities with Endor SCA findings, VersionUpgrade/UIA evidence, separate low-risk PR lanes, deterministic risk decisions, local validation, and approved PR/MR creation.
testing5
upgrade-impact-analysis
Use this agent when the user asks for Endor Labs Upgrade Impact Analysis: safe upgrade paths, upgrade risk, findings fixed or introduced, Code Impact Analysis, breaking changes, manifest targeting, or whether a dependency upgrade should happen now. The artifact queries Endor's read-only VersionUpgrade workflow through documented Endor API or endorctl paths.
development5
cicd-posture
Use this agent when the user wants a read-only CI/CD and supply chain posture assessment for an Endor namespace, GitHub organization, repository set, or current repository. The agent combines existing Endor SCPM, CI/CD, GitHub Actions, and supply-chain findings with read-only GitHub configuration evidence and optional local CI file inspection, then returns deterministic scores, critical overrides, evidence queries, and data gaps without mutating Endor, GitHub, or repository state.
testing5
endor-troubleshooter
Use this agent when the user needs help diagnosing and fixing Endor Labs errors, warnings, missing integrations, scan failures, slow scans, or unhealthy configuration. Endor Troubleshooter gathers the smallest useful read-only Endor evidence, classifies the issue across scan, integration, authentication, dependency resolution, container, reachability, policy, and workflow lanes, then returns low-friction repair guidance without mutating Endor, source-provider, or repository state.
data-ai5
endor-troubleshooter
Use this agent when the user needs help diagnosing and fixing Endor Labs errors, warnings, missing integrations, scan failures, slow scans, or unhealthy configuration. Endor Troubleshooter gathers the smallest useful read-only Endor evidence, classifies the issue across scan, integration, authentication, dependency resolution, container, reachability, policy, and workflow lanes, then returns low-friction repair guidance without mutating Endor, source-provider, or repository state.
data-ai5
endor-troubleshooter
Use this agent when the user needs help diagnosing and fixing Endor Labs errors, warnings, missing integrations, scan failures, slow scans, or unhealthy configuration. Endor Troubleshooter gathers the smallest useful read-only Endor evidence, classifies the issue across scan, integration, authentication, dependency resolution, container, reachability, policy, and workflow lanes, then returns low-friction repair guidance without mutating Endor, source-provider, or repository state.
data-ai5
ai-sast-triage
Parse Endor AI SAST findings, use exploit reproduction and remediation guidance as patch context, fetch source at the pinned commit, and open change requests when requested.
data-ai5
ai-sast-triage
Parse Endor AI SAST findings, use exploit reproduction and remediation guidance as patch context, fetch source at the pinned commit, and open change requests when requested.
data-ai5
ai-sast-triage
Parse Endor AI SAST findings, use exploit reproduction and remediation guidance as patch context, fetch source at the pinned commit, and open change requests when requested.
data-ai5
endor-agent-kit-setup
Use when setting up Endor Labs Agent Kit for Cursor, checking readiness, verifying Endor auth, choosing namespaces, or diagnosing missing endorctl, gh, Endor MCP, or workflow prerequisites.
tools5
ai-sast-triage
Parse Endor AI SAST findings, use exploit reproduction and remediation guidance as patch context, fetch source at the pinned commit, and open change requests when requested.
data-ai5
malware-response
Use this agent when a customer needs rapid read-only response to a software supply-chain malware incident. It gathers or ingests current malware intelligence, normalizes affected package and version evidence, and correlates that evidence against Endor Labs tenant package inventory across a namespace and child namespaces. It reports confirmed exposure, possible exposure, unaffected scope, indicators of compromise, remediation guidance, and future action contracts without mutating Endor Labs or source systems.
development5
malware-response
Use this agent when a customer needs rapid read-only response to a software supply-chain malware incident. It gathers or ingests current malware intelligence, normalizes affected package and version evidence, and correlates that evidence against Endor Labs tenant package inventory across a namespace and child namespaces. It reports confirmed exposure, possible exposure, unaffected scope, indicators of compromise, remediation guidance, and future action contracts without mutating Endor Labs or source systems.
development5
remediation-planner
Preview safe remediation options without opening PRs.
content-media5
dependency-decision-helper
Use this agent when the user asks whether to add, upgrade, or use a specific package version. Examples: "Is lodash 4.17.20 safe?", "Should I use requests 2.28.0?", "Check log4j-core 2.14.1 before I add it." Returns a dependency verdict with evidence, conditions, alternatives, and any data gaps.
tools5
package-risk-summary
Use this agent when the user wants a concise risk profile for a specific package version without asking for a yes/no dependency decision. Examples: "Summarize npm lodash 4.17.20 risk", "Give me the risk picture for log4j-core 2.14.1", "What should I know about this package version before I review it?" Returns an evidence-backed package risk summary with vulnerabilities, malware or typosquat signals, package scores, license notes, recommended next checks, and any data gaps.
testing5
vulnerability-explainer
Use this agent when the user asks what a specific vulnerability means and how to reason about it. Examples: "Explain CVE-2021-44228", "What does CVE-2021-45046 mean for log4j-core?", "Summarize this Endor vulnerability and tell me what to do next." Returns a concise vulnerability explanation with severity, exploitability, affected context, remediation guidance, and any data gaps.
testing5
cicd-posture
Use this agent when the user wants a read-only CI/CD and supply chain posture assessment for an Endor namespace, GitHub organization, repository set, or current repository. The agent combines existing Endor SCPM, CI/CD, GitHub Actions, and supply-chain findings with read-only GitHub configuration evidence and optional local CI file inspection, then returns deterministic scores, critical overrides, evidence queries, and data gaps without mutating Endor, GitHub, or repository state.
testing5
cicd-posture
Use this agent when the user wants a read-only CI/CD and supply chain posture assessment for an Endor namespace, GitHub organization, repository set, or current repository. The agent combines existing Endor SCPM, CI/CD, GitHub Actions, and supply-chain findings with read-only GitHub configuration evidence and optional local CI file inspection, then returns deterministic scores, critical overrides, evidence queries, and data gaps without mutating Endor, GitHub, or repository state.
testing5
remediation-planner
Preview safe remediation options without opening PRs.
content-media5
repository-dependency-reviewer
Use this agent inside a source repository when the user wants a read-only dependency risk review based on local manifests. It inspects dependency files, resolves exact package coordinates when possible, checks those coordinates with Endor MCP tools, and reports risky dependencies, unresolved versions, recommended next checks, and data gaps.
tools5
remediation-planner
Preview safe remediation options without opening PRs.
content-media5
vulnerability-explainer
Use this agent when the user asks what a specific vulnerability means and how to reason about it. Examples: "Explain CVE-2021-44228", "What does CVE-2021-45046 mean for log4j-core?", "Summarize this Endor vulnerability and tell me what to do next." Returns a concise vulnerability explanation with severity, exploitability, affected context, remediation guidance, and any data gaps.
testing5
upgrade-impact-analysis
Use this agent when the user asks for Endor Labs Upgrade Impact Analysis: safe upgrade paths, upgrade risk, findings fixed or introduced, Code Impact Analysis, breaking changes, manifest targeting, or whether a dependency upgrade should happen now. The artifact queries Endor's read-only VersionUpgrade workflow through documented Endor API or endorctl paths.
development5
package-risk-summary
Use this agent when the user wants a concise risk profile for a specific package version without asking for a yes/no dependency decision. Examples: "Summarize npm lodash 4.17.20 risk", "Give me the risk picture for log4j-core 2.14.1", "What should I know about this package version before I review it?" Returns an evidence-backed package risk summary with vulnerabilities, malware or typosquat signals, package scores, license notes, recommended next checks, and any data gaps.
testing5
dependency-decision-helper
Use this agent when the user asks whether to add, upgrade, or use a specific package version. Examples: "Is lodash 4.17.20 safe?", "Should I use requests 2.28.0?", "Check log4j-core 2.14.1 before I add it." Returns a dependency verdict with evidence, conditions, alternatives, and any data gaps.
tools5
dependency-decision-helper
Use this agent when the user asks whether to add, upgrade, or use a specific package version. Examples: "Is lodash 4.17.20 safe?", "Should I use requests 2.28.0?", "Check log4j-core 2.14.1 before I add it." Returns a dependency verdict with evidence, conditions, alternatives, and any data gaps.
tools5
vulnerability-explainer
Use this agent when the user asks what a specific vulnerability means and how to reason about it. Examples: "Explain CVE-2021-44228", "What does CVE-2021-45046 mean for log4j-core?", "Summarize this Endor vulnerability and tell me what to do next." Returns a concise vulnerability explanation with severity, exploitability, affected context, remediation guidance, and any data gaps.
testing5
repository-dependency-reviewer
Use this agent inside a source repository when the user wants a read-only dependency risk review based on local manifests. It inspects dependency files, resolves exact package coordinates when possible, checks those coordinates with Endor MCP tools, and reports risky dependencies, unresolved versions, recommended next checks, and data gaps.
tools5
repository-dependency-reviewer
Use this agent inside a source repository when the user wants a read-only dependency risk review based on local manifests. It inspects dependency files, resolves exact package coordinates when possible, checks those coordinates with Endor MCP tools, and reports risky dependencies, unresolved versions, recommended next checks, and data gaps.
tools5
upgrade-impact-analysis
Use this agent when the user asks for Endor Labs Upgrade Impact Analysis: safe upgrade paths, upgrade risk, findings fixed or introduced, Code Impact Analysis, breaking changes, manifest targeting, or whether a dependency upgrade should happen now. The artifact queries Endor's read-only VersionUpgrade workflow through documented Endor API or endorctl paths.
development5
cicd-posture
Use this agent when the user wants a read-only CI/CD and supply chain posture assessment for an Endor namespace, GitHub organization, repository set, or current repository. The agent combines existing Endor SCPM, CI/CD, GitHub Actions, and supply-chain findings with read-only GitHub configuration evidence and optional local CI file inspection, then returns deterministic scores, critical overrides, evidence queries, and data gaps without mutating Endor, GitHub, or repository state.
testing5
package-risk-summary
Use this agent when the user wants a concise risk profile for a specific package version without asking for a yes/no dependency decision. Examples: "Summarize npm lodash 4.17.20 risk", "Give me the risk picture for log4j-core 2.14.1", "What should I know about this package version before I review it?" Returns an evidence-backed package risk summary with vulnerabilities, malware or typosquat signals, package scores, license notes, recommended next checks, and any data gaps.
testing5
remediation-planner
Preview safe remediation options without opening PRs.
content-media5