Golang Popular Libraries

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Go library recommendation skill, but it requests broader project-editing and git/go command authority than its recommendation purpose clearly justifies.

This skill appears to be a benign Go library recommendation guide with no code or install-time behavior. Before installing, consider whether you are comfortable granting it Edit/Write and broad git/go command permissions; ideally use it only for advice, or require explicit approval before it changes files or runs project-mutating commands.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If invoked by an agent with these permissions, the skill could enable project file edits or git/go commands even though the visible guidance is mainly about giving library advice.

Why it was flagged

For a skill described as recommending Go libraries, the declared tools include local file mutation and broad git/go command execution, but the instructions do not define when those actions are allowed, how to scope them, or when to ask the user before making changes.

Skill content

allowed-tools: Read Edit Write Glob Grep Bash(go:*) Bash(golangci-lint:*) Bash(git:*) Agent WebFetch WebSearch AskUserQuestion

Recommendation

Limit the skill to Read, Glob/Grep, WebSearch/WebFetch, and AskUserQuestion where possible, or add explicit instructions requiring user approval before any Edit, Write, git, or mutating go command.