From ai-plugins
Sets up Endor Labs Agent Kit for Cursor: checks environment readiness, verifies Endor and GitHub auth, selects namespaces, and diagnoses missing prerequisites like endorctl, gh, or workflow tooling.
Slash command: /ai-plugins:endor-agent-kit-setup
<!-- Generated by Endor Labs Agent Kit. Do not hand-edit installed copies. -->
Generated for the Endor Labs Agent Kit Cursor package.
- Triage AI SAST findings -> skill ai-sast-triage
- Assess CI/CD and supply chain posture -> skill cicd-posture
- Dependency Decision Helper -> skill dependency-decision-helper
- Diagnose Endor setup and scan issues -> skill endor-troubleshooter
- Findings Browser -> skill findings-browser
- Malware Response -> skill malware-response
- Package Risk Summary -> skill package-risk-summary
- Assess GitHub onboarding gaps -> skill probe-droid
- Remediation Planner -> skill remediation-planner
- Repository Dependency Reviewer -> skill repository-dependency-reviewer
- Find safe SCA remediation paths -> skill sca-remediation
- Upgrade Impact Analysis -> skill upgrade-impact-analysis
- Vulnerability Explainer -> skill vulnerability-explainer
Install or update this package through Cursor's plugin-loading mechanism only after user approval. The generated Cursor package uses repository-root .cursor-plugin/ metadata, root agents/, root skills/, hooks/, and assets/logo.png.
This Cursor package is separate from the Gemini CLI extension under plugins/gemini/endor-labs-agent-kit/. Do not use Cursor installation steps to install Gemini CLI files, and do not use Gemini extension files as Cursor package metadata.
Use this setup workflow when the user asks to install, check, update, or remove
Endor Labs Agent Kit plugin support files, or when an Endor Agent Kit workflow
is blocked by missing endorctl, GitHub CLI, authentication, namespace, or
local toolchain readiness.
Be proactive about checking the environment, but do not make persistent changes without explicit user approval. Report evidence for each check. Never print secret values.
Setup may:
- endorctl, gh, git, and workflow-relevant language tooling.
- ENDOR_NAMESPACE from the current process environment and report it as namespace provenance when present.
- ~/.endorctl/config.yaml for non-secret fields such as ENDOR_API and ENDOR_NAMESPACE.
- ENDOR_API_CREDENTIALS_* authentication variables by key name only.
- gh authentication and point to official installation guidance.
Setup must not:
- endorctl scan.
- endorctl host-check.
- ~/.endorctl/config.yaml or secret values.
- ENDORCTL_CONFIG or --config-path at tenant-specific, customer-specific, production, backup, or other non-default Endor config directories.
- ENDOR_API_CREDENTIALS_KEY or ENDOR_API_CREDENTIALS_SECRET.
- .zshrc, .bashrc, or PowerShell profile.
- gh, package managers, language runtimes, Docker, JDKs, or build tooling.
Start with a concise readiness report. Separate configured state from verified state.
Include these sections when relevant:
For Endor auth, report sanitized fields only:
Endor config: found
API endpoint: https://api.endorlabs.com
Namespace candidates:
- ENDOR_NAMESPACE: not set
- ~/.endorctl/config.yaml ENDOR_NAMESPACE: example-namespace
Selected namespace: example-namespace from ~/.endorctl/config.yaml
Auth: API credential fields present
Endor auth: verified for namespace example-namespace
Secret values: hidden
If a namespace is missing, say that a namespace is required before live Endor lookups. If a namespace is detected, let the user use it or override it for the current workflow.
If ENDOR_NAMESPACE from the current process environment and
~/.endorctl/config.yaml disagree, surface both values and stop before live
Endor lookups. Ask the user which namespace to use for this workflow. Do not
silently trust either value, and do not unset environment variables or edit
config files unless the user explicitly asks for that separate operational
cleanup.
When the user selects or supplies a namespace, later workflow agents must pass
it explicitly with -n <namespace> or --namespace <namespace> for scoped
Endor lookups rather than relying on bare endorctl namespace resolution.
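
The namespace rules above, sketched as an added example (not part of the Endor Labs Agent Kit): it builds the sanitized report from an environment mapping and config text, records credentials by key name only, and blocks on a missing or conflicting namespace. The flat `KEY: value` config layout, the function names and the sample values are assumptions made for illustration.

```python
import re

# Assumption: config.yaml holds flat "KEY: value" lines; only these keys are read.
NON_SECRET_KEYS = {"ENDOR_API", "ENDOR_NAMESPACE"}
CRED_PREFIX = "ENDOR_API_CREDENTIALS_"
CONFIG_SRC = "~/.endorctl/config.yaml ENDOR_NAMESPACE"
# Constructed sample config; the credential value is a placeholder, not a real secret.
SAMPLE_CONFIG = ("ENDOR_API: https://api.endorlabs.com\n"
                 "ENDOR_NAMESPACE: example-namespace\n"
                 "ENDOR_API_CREDENTIALS_SECRET: constructed-placeholder\n")

def parse_config(text):
    """Return (non-secret fields, credential key names); secret values are dropped."""
    fields, cred_keys = {}, set()
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Z][A-Z0-9_]*)\s*:\s*(.*?)\s*$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip("'\"")
        if key in NON_SECRET_KEYS and value:
            fields[key] = value
        elif key.startswith(CRED_PREFIX) and value:
            cred_keys.add(key)  # key name only
    return fields, cred_keys

def readiness(env, config_text, override=None):
    """Sanitized report; a 'blocked' status means stop before live Endor lookups."""
    fields, cred_keys = parse_config(config_text or "")
    cred_keys |= {k for k, v in env.items() if k.startswith(CRED_PREFIX) and v}
    candidates = {"ENDOR_NAMESPACE": env.get("ENDOR_NAMESPACE") or None,
                  CONFIG_SRC: fields.get("ENDOR_NAMESPACE")}
    present = {src: ns for src, ns in candidates.items() if ns}
    selected, source = None, None
    if override:  # the user chose a namespace for this workflow
        selected, source, status = override, "user selection", "ready"
    elif len(set(present.values())) > 1:
        status = "blocked: namespace conflict, ask the user"
    elif present:
        (source, selected), status = next(iter(present.items())), "ready"
    else:
        status = "blocked: namespace required"
    return {"api_endpoint": fields.get("ENDOR_API"),
            "namespace_candidates": candidates,
            "selected_namespace": selected,
            "selected_from": source,
            "credential_keys_present": sorted(cred_keys),
            "status": status,
            # Scoped lookups get the namespace passed explicitly.
            "namespace_args": ["-n", selected] if selected else []}
```
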
If endorctl is missing, offer documented install options in this order:
Only install endorctl after explicit approval. If installing to ~/bin, tell
the user how to update PATH for the current shell. Do not edit shell profiles.
If API credential fields are present, do not run browser auth unless the user
explicitly asks to switch or re-authenticate. If API credential setup is needed,
tell the user to set ENDOR_API_CREDENTIALS_KEY and
ENDOR_API_CREDENTIALS_SECRET through their preferred secure environment
mechanism.
When browser or SSO authentication is requested, confirm the namespace first. Use non-interactive flags where supported. If multi-tenant selection appears, summarize the available tenant choices and ask the user before retrying.
Prefer documented Endor API or endorctl api lookups for workflows that support
them. Configure Endor MCP only when a selected MCP-capable workflow needs it or
the user explicitly asks for it.
The distribution may include ready-to-use Endor MCP config snippets such as
root .mcp.json or Gemini mcpServers metadata. Treat those files as setup
inputs, not permission to start or register MCP without approval.
When MCP setup is requested:
- npx is available.
- endorctl is available.
- npx -y endorctl ai-tools mcp-server.
- endor-cli-tools is already registered, report it and ask before changing anything.
Do not claim Endor MCP tools are available to a workflow until the host exposes
them in the current session. If MCP tools are unavailable, continue with
CLI-first workflows when they support endorctl api; otherwise record the
missing MCP capability in data_gaps.
Check gh auth status when workflows need GitHub evidence, repository
inventory, pull requests, or comments. If gh is missing, provide current
official installation guidance instead of installing it automatically.
Do not manage GitHub token scopes or create personal access tokens. Verify only the specific read or write capability needed for the selected workflow.
Detect and report workflow-relevant package managers, language runtimes, and build tools. Do not install them.
When tooling is missing, report the affected validation step and ask the user to install it through their team-standard toolchain.
Setup never performs remediation, creates branches, opens PRs/MRs, posts comments, writes Endor policies, or runs scans. Mutating workflows such as SCA Remediation and AI SAST Triage keep those actions behind their generated agent approval gates.
npx claudepluginhub endorlabs/ai-plugins --plugin endor-labs-agent-kit