{"skill":{"slug":"go-vuln-crypto-tls","displayName":"Go Vuln Crypto Tls","summary":"Use when auditing Go code involving TLS configuration, certificate validation, JWT token parsing, SAML assertion verification, webhook signature checking, or...","tags":{"latest":"0.1.0"},"stats":{"comments":0,"downloads":245,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1773476177307,"updatedAt":1777526017193},"latestVersion":{"version":"0.1.0","createdAt":1773476177307,"changelog":"Initial skill release for auditing Go crypto/TLS code vulnerabilities:\n\n- Detects insecure TLS configurations (e.g., InsecureSkipVerify, weak mTLS, CA misconfig).\n- Covers JWT/SAML signature verification misuse, including algorithm confusion and XML signature wrapping.\n- Provides grep-based detection paths and a step-by-step audit checklist for CWE-295, CWE-347, CWE-345.\n- Covers correct/incorrect HMAC comparison practices for webhook signature validation.\n- Includes extensive exclusion guidance to reduce false positives.\n- References real-world vulnerabilities for context.","license":"MIT-0"},"metadata":null,"owner":{"handle":"yhy0","userId":"s172p34p6emz34m9wrf8241gp983hjhz","displayName":"yhy","image":"https://avatars.githubusercontent.com/u/31311038?v=4"},"moderation":null}