v1.0.0

Golang Spf13 Viper

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 3:30 PM.

Analysis

This is a coherent instruction-only Go/Viper guidance skill with no evidence of hidden behavior, though it may guide dependency updates that users should review.

GuidanceThis skill appears safe to install as reference material for Go Viper configuration. If you let an agent apply it to a project, review any dependency updates and code edits before committing.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

SKILL.md

go get github.com/spf13/viper@latest

The skill includes a user-directed command to add the public Viper Go module using @latest. This is purpose-aligned for adopting Viper, but it can change project dependencies and is not version-pinned at command time.

User impactIf the agent follows this guidance during implementation, it may update the project's Go dependencies.

RecommendationReview go.mod and go.sum changes, and pin or approve dependency versions according to the project's normal policy.