Golang Samber Lo

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a documentation-only Go helper with no evidence of malicious behavior, but it can guide the agent to edit code, run Go/Git commands, add a dependency, and query external docs.

This skill appears safe for normal Go development use. Before installing or using it, be prepared to review code edits, go.mod/go.sum changes, and any Git actions the agent proposes; keep external documentation queries generic if your project contains sensitive code.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may modify project files or run repository commands while helping adopt or refactor samber/lo usage.

Why it was flagged

The skill can edit files and run broad Go, lint, and Git commands. That is expected for a Go coding/refactoring skill, but Git and file-write access can change a repository if used carelessly.

Skill content

allowed-tools: Read Edit Write Glob Grep Bash(go:*) Bash(golangci-lint:*) Bash(git:*)

Recommendation

Review all diffs and require explicit approval before destructive or publishing Git actions such as reset, clean, commit, or push.

What this means

Using the installation guidance can update go.mod/go.sum and pull code from the upstream Go module ecosystem.

Why it was flagged

The documentation recommends adding an external Go module. This is purpose-aligned for a skill about samber/lo, but it changes dependency state in the user's project.

Skill content

go get github.com/samber/lo

Recommendation

Review dependency diffs, pin versions where appropriate, and use normal Go module verification practices.

What this means

Library or documentation queries may be sent to an external MCP service if the agent uses those tools.

Why it was flagged

The skill may use Context7 MCP tools to look up documentation. This is disclosed and purpose-aligned, but it is an external documentation lookup channel.

Skill content

mcp__context7__resolve-library-id mcp__context7__query-docs

Recommendation

Avoid sending proprietary code or sensitive project details in external documentation queries unless you are comfortable sharing them.