Go2.gg
PassAudited by ClawScan on May 1, 2026.
Overview
This is a straightforward Go2.gg API guide, but it can use a Go2.gg API key to create, edit, list, or delete links in the user's account.
Before installing, be comfortable giving the agent access to a Go2.gg API key and review any create, update, or delete operation carefully, especially for public or business-critical short links.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on the wrong link ID, the agent could change where a short link redirects or remove it from the account.
The skill documents API calls that can modify or delete Go2.gg links. This is purpose-aligned, but mistakes could affect live short links.
### Update a Link ... curl -X PATCH ... ### Delete a Link ... curl -X DELETE
Confirm the exact link ID, destination URL, and intended action before running update or delete requests.
Anyone or any agent using this key may be able to manage links and view analytics permitted by the Go2.gg account.
The skill expects a bearer API key for Go2.gg account access. This credential use is disclosed and fits the service, but it enables account-level API operations.
Requires GO2GG_API_KEY env var ... Auth: `Authorization: Bearer $GO2GG_API_KEY`
Use a scoped or revocable API key if Go2.gg supports it, store it securely, and revoke it if the skill is no longer needed.
Users have less registry-level information for verifying who published the skill, but the artifact does not include hidden install code.
The package has limited provenance metadata, although no runnable code or install-time dependency is present in the supplied artifacts.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Verify Go2.gg API documentation and the publisher before trusting the skill with an API key.