ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Golang Stay Updated

v1.2.3

Provides resources to stay updated with Golang news, communities and people to follow. Use when seeking Go learning resources, discovering new libraries, fin...

0· 100·0 current·0 all-time
bySamuel Berthe@samber
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's stated purpose is to provide curated resources (links, newsletters, people to follow). Despite that, manifest metadata declares the 'go' binary as required and the allowed-tools list includes Bash(go:*), golangci-lint and git. A documentation-only skill would not normally need a local Go toolchain or execution privileges; this is disproportionate to the claimed purpose.
Instruction Scope
SKILL.md contains only static curated content (links, names, newsletters, tips). It does not instruct the agent to read local files, access secrets, or post data to hidden endpoints. There is no apparent instruction to run commands or access unrelated system state.
Install Mechanism
No install spec and no code files — instruction-only. This is the lowest-risk install profile; nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. That is appropriate for a read-only resource guide.
Persistence & Privilege
The skill is not force-installed (always:false) and does not request special persistent privileges. Autonomous invocation is allowed (default) but not by itself a concern here; the skill does not attempt to modify other skills or system settings.
What to consider before installing
This skill appears to be a benign curated guide, but its metadata asks for the local 'go' binary and allows running go-related shell commands despite containing only static documentation. Before installing, ask the skill author or registry maintainer to explain why 'go' is required (e.g., does the agent run example code, fetch package docs, or run linters?). If you prefer minimal risk, request a revised skill that removes the 'go' binary requirement (and removes execution permissions) unless there is a clear, documented need. If you do install it, ensure your agent sandbox prevents arbitrary execution or network access from untrusted skills.

Like a lobster shell, security has layers — review code before you run it.

latestvk976hqjjs9nz3vm2xy1avethnd842z30

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📰 Clawdis
Binsgo

Comments