Go Middleware

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Go middleware guide with a logging caveat but no hidden execution, data access, or persistence.

Reasonable to install as a Go middleware reference. When applying its examples, review production logging policy: avoid logging secrets, tokens, sensitive request data, or unrestricted panic stack traces to broadly accessible logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 92%
Finding
The guidance recommends logging full panic stack traces via `debug.Stack()` but does not warn that stack traces and panic values can contain sensitive internal information such as file paths, code structure, request-derived data, secrets accidentally embedded in memory or error strings, and infrastructure details. In a middleware skill intended for reuse across services, this pattern can normalize unsafe production logging and increase the risk of information disclosure through centralized log systems or log access by attackers and low-privilege operators.

VirusTotal

66/66 vendors flagged this skill as clean.
