Go Security Vulnerability
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Go vulnerability-scanning and remediation skill, but users should review its system-level Go setup snippet and dependency-changing commands before running them.
Use this skill in a Go project where you are comfortable modifying dependencies. Install or update Go through a trusted method, review all dependency changes, and run the recommended build and test checks before accepting fixes.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run, this could modify the local system Go installation or require elevated privileges.
The skill includes a setup script that downloads a remote Go archive and extracts it into a system directory. Installing Go is aligned with the skill purpose, but users should verify the source, platform, and need for privileged writes.
"script": "curl -L https://golang.org/dl/go1.21.5.linux-amd64.tar.gz | tar -C /usr/local -xzf -"
Prefer installing Go through a trusted package manager or verify the official download and checksum before extracting into /usr/local.
Dependency updates may alter build behavior, introduce regressions, or change transitive packages.
The skill recommends commands that update dependencies and rewrite module files. This is expected for vulnerability remediation, but it can change application behavior.
go get -u vulnerable/package@latest
go mod tidy
Review go.mod/go.sum diffs, run tests, and avoid broad updates unless they are needed for the specific vulnerability fix.
