Golang Samber Oops
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent Go coding guidance skill with normal code-editing authority, but users should review changes and avoid logging sensitive user or request data.
This skill appears safe and purpose-aligned for Go projects using samber/oops. Before installing or using it, be comfortable with an agent editing code and running Go/git-related commands, and instruct it not to include secrets, full request bodies, or unnecessary personal data in error attributes or logs.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used, the agent may edit Go code or run repository commands as part of applying samber/oops patterns.
The skill can read and modify project files and run Go, lint, and git commands. This is aligned with coding assistance, but it gives the agent practical authority over the repository.
allowed-tools: Read Edit Write Glob Grep Bash(go:*) Bash(golangci-lint:*) Bash(git:*) Agent WebFetch mcp__context7__resolve-library-id mcp__context7__query-docs
Review diffs, test results, and any git operations before accepting changes, especially in production or shared repositories.
User IDs, emails, tenant data, request metadata, or request bodies could be retained in error context if developers follow these examples without sanitization.
The skill teaches adding user attributes and request data to structured errors. That is purpose-aligned for diagnostics, but those fields can later appear in logs, APM tools, or error reports.
.User("user-123", "email", "foo@bar.com") ... .Request(req, includeBody) | Attach `*http.Request` (optionally including body)Keep request/response body capture disabled unless explicitly needed, avoid adding secrets or unnecessary PII to error attributes, and align usage with your logging and privacy policies.