Golang Linter

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is a coherent Go linting helper, but it can run auto-fix commands and parallel agents that modify project files, so users should review code changes.

This appears safe to use for Go linting, but treat auto-fix and parallel cleanup as code-changing actions. Run it on a branch, keep changes scoped, and review diffs/tests before committing.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may modify Go project files while linting or formatting.

Why it was flagged

The skill is allowed to edit files and run local Go, golangci-lint, and git commands, including auto-fix commands that can change repository files. This is expected for a linting skill, but users should review the resulting diffs.

Skill content

allowed-tools: Read Edit Write Glob Grep Bash(go:*) Bash(golangci-lint:*) Bash(git:*) Agent ... Auto-fix what you can: `golangci-lint run --fix ./...`

Recommendation

Use version control, review changes before committing, and ask the agent to scope --fix runs to specific files or packages when needed.

What this means

Large cleanup tasks could generate widespread edits that are harder to audit.

Why it was flagged

Parallel or background lint-fix work can produce many edits across a codebase. The behavior is disclosed and aligned with legacy lint cleanup, but it increases the chance of conflicting or hard-to-review changes.

Skill content

launch a background agent running `golangci-lint run --fix` ... use up to 5 parallel sub-agents ... to fix independent linter categories simultaneously

Recommendation

Run large lint cleanups on a separate branch, split work by package or linter category, and review/test each batch before merging.

What this means

The agent may refer to a recommended config that is missing from the supplied package, which could lead to incomplete or improvised configuration guidance.

Why it was flagged

The provided file manifest does not include the referenced assets/.golangci.yml file, so that recommended configuration was not available to verify in this review.

Skill content

See the [recommended configuration](./assets/.golangci.yml)

Recommendation

Confirm the intended .golangci.yml contents from the source repository or ask the agent to generate and explain a config before writing it.