golang-code-review

Security checks across malware telemetry and agentic risk

Overview

This is a local Go code-review helper with some quality and reliability limitations, but no evidence of hidden access, credential use, exfiltration, or unsafe persistence.

Install only if you want a lightweight local Go review aid. Run formatting commands intentionally, review source-control diffs afterward, pin external tool versions in controlled environments, and do not rely on this skill as a complete security audit.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The call site passes arguments to checkRule in the wrong order: the rule ID is passed as the content parameter, while the actual file content is passed as the rule selector. As a result, the intended checks are largely skipped and the analyzer produces misleading results, which can hide real code-quality or security issues by giving users a false sense of coverage.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal