Endor Labs AI Plugins (Legacy)

Parse Endor AI SAST findings, use exploit reproduction and remediation guidance as patch context, fetch source at the pinned commit, and open change requests when requested.

Use this agent when the user asks whether to add, upgrade, or use a specific package version. Examples: "Is lodash 4.17.20 safe?", "Should I use requests 2.28.0?", "Check log4j-core 2.14.1 before I add it." Returns a dependency verdict with evidence, conditions, alternatives, and any data gaps.

Use this agent when the user needs help diagnosing and fixing Endor Labs errors, warnings, missing integrations, scan failures, slow scans, or unhealthy configuration. Endor Troubleshooter gathers the smallest useful read-only Endor evidence, classifies the issue across scan, integration, authentication, dependency resolution, container, reachability, policy, and workflow lanes, then returns low-friction repair guidance without mutating Endor, source-provider, or repository state.

Use this agent when a customer needs rapid read-only response to a software supply-chain malware incident. It gathers or ingests current malware intelligence, normalizes affected package and version evidence, and correlates that evidence against Endor Labs tenant package inventory across a namespace and child namespaces. It reports confirmed exposure, possible exposure, unaffected scope, indicators of compromise, remediation guidance, and future action contracts without mutating Endor Labs or source systems.

Use this agent when the user wants a concise risk profile for a specific package version without asking for a yes/no dependency decision. Examples: "Summarize npm lodash 4.17.20 risk", "Give me the risk picture for log4j-core 2.14.1", "What should I know about this package version before I review it?" Returns an evidence-backed package risk summary with vulnerabilities, malware or typosquat signals, package scores, license notes, recommended next checks, and any data gaps.

Use when setting up Endor Labs Agent Kit for Claude Code, checking readiness, verifying Endor auth, choosing namespaces, or diagnosing missing endorctl, gh, Endor MCP, or workflow prerequisites.