Golang Samber Do
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This instruction-only Go dependency-injection skill appears purpose-aligned, but it can guide the agent to edit your project and update Go dependencies.
This skill is reasonable for Go projects where you want to add or refactor dependency injection with samber/do v2. Before accepting changes, review generated code, go.mod/go.sum updates, and any git actions the agent proposes.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When invoked, the agent may change source files, run Go commands, and potentially use git commands in the working repository.
The skill permits code editing and local Go/lint/git command use. That fits a Go DI implementation skill, but those tools can still modify repository files or dependency state.
allowed-tools: Read Edit Write Glob Grep Bash(go:*) Bash(golangci-lint:*) Bash(git:*) Agent WebFetch ...
Use it only in projects where code changes are intended, and review diffs plus any git-related action before accepting the result.
Using the setup command may change the project's dependency graph and introduce or update third-party Go modules.
The skill instructs installation of the external samber/do v2 Go module. This is central to the stated purpose, but `-u` can update dependencies and alter go.mod/go.sum.
go get -u github.com/samber/do/v2
Review go.mod and go.sum after use, and consider pinning versions or avoiding `-u` if your project needs conservative dependency updates.