Golang Stay Updated
Security checks across malware telemetry and agentic risk
Overview
This looks like a harmless Go resource guide, but it declares more local editing, shell, git, and agent permissions than the guide needs.
Review this before installing because the content itself appears safe, but the declared permissions are broader than necessary. A safer version would limit the skill to read/search/web access unless it adds clear, user-directed workflows that require editing files or running Go and git commands.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.