Golang Grpc
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent instruction-only Go gRPC guidance skill with expected code-editing, build, and documentation-lookup permissions.
This skill appears safe to install for Go gRPC development guidance. Use normal coding-agent precautions: inspect generated or edited files, be careful with git commands, and do not include secrets or proprietary internals in external documentation lookups.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may edit code, generate protobuf outputs, run Go tooling, and use git commands while helping with gRPC work.
The skill can read and modify project files and run scoped development commands. This is expected for implementing and reviewing Go gRPC code, but it gives the agent real ability to change the local repository.
allowed-tools: Read Edit Write Glob Grep Bash(go:*) Bash(golangci-lint:*) Bash(git:*) ... Bash(protoc:*)
Review file diffs and command effects before accepting changes, especially for git operations or generated code.
Documentation lookups may disclose non-sensitive project or library context through search/query terms.
The skill explicitly permits external documentation lookups through WebFetch and Context7 MCP tools. This is purpose-aligned for checking library documentation, but it can involve sending query terms or library names outside the local workspace.
Context7 can help as a discoverability platform ... allowed-tools: ... WebFetch mcp__context7__resolve-library-id mcp__context7__query-docs
Avoid including proprietary code, secrets, or sensitive internal details in external documentation queries.