ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Golang Naming

v1.1.1

Go (Golang) naming conventions — covers packages, constructors, structs, interfaces, constants, enums, errors, booleans, receivers, getters/setters, function...

0· 79·0 current·0 all-time
bySamuel Berthe@samber
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description promise a naming/style guidance skill. The registry lists the 'go' binary as required and the skill header permits running Bash(go:*), golangci-lint, and git — none of which are necessary for static naming guidance. Requiring a local 'go' binary or granting execution of go/golangci-lint/git is disproportionate to an instruction-only naming guide.
Instruction Scope
The SKILL.md content is a focused, detailed naming/style guide and does not instruct the agent to read arbitrary files, access secrets, or exfiltrate data. However the skill header's allowed-tools list implies the agent may run code/commands (go, linters, git) even though the prose does not require them; that expands runtime scope beyond the documented guidance.
Install Mechanism
This is instruction-only and has no install spec or downloads. That minimizes disk/runtime risk — nothing is written or installed by the skill itself.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The lack of secrets/keys requested is proportionate to a documentation/style guide.
Persistence & Privilege
always:false (normal) and model invocation is allowed (default). The skill is not user-invocable but may be invoked autonomously by the agent when triggered. Combined with the broad allowed-tools (shell access to go, linters, git), autonomous invocation increases the potential for the agent to run local commands — consider this when enabling the skill.
What to consider before installing
This skill is a focused Go naming/style reference and its contents are coherent and useful. Two things to consider before installing: (1) The registry metadata marks the 'go' binary as required and grants the agent permission to run Bash commands for go, golangci-lint and git — that is unnecessary for a pure style guide and would allow the agent to execute local tooling if it runs automatically. (2) The skill is instruction-only (no code to inspect beyond the docs) and points to a GitHub homepage — review that repo yourself if you want full provenance. If you want to minimize risk, ask the platform to remove or restrict the allowed-tools/execution permissions (so the skill cannot run go/linters/git automatically) or only enable the skill in contexts where running local tools is acceptable.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f0zrm5as4wtppe30ak9qr5d83p0hs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🏷️ Clawdis
Binsgo

Comments