Golang Stretchr Testify
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a straightforward Go testing guide with the expected ability to edit tests and run Go tools, plus a disclosed, unpinned helper-tool install that users may want to review.
This skill looks safe for its purpose as a Go/testify testing guide. Before installing, note that it may edit files and run Go-related commands in your repository, and it installs gotests from an unpinned @latest package; review generated changes and consider pinning the helper version for reproducibility.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The helper tool version may vary between installs, which can affect reproducibility and supply-chain review.
The skill installs an external Go helper tool using @latest, so the installed code can change over time; this is disclosed and relevant to Go test generation.
package: github.com/cweill/gotests/...@latest | creates binaries: gotests
Prefer a pinned gotests version when possible, and install only if you trust the upstream package source.
The agent may edit test files and run development commands in the repository.
The skill can read and modify project files and run Go, gotests, golangci-lint, and git commands; this is expected for a Go test-writing assistant but can affect the working repository.
allowed-tools: Read Edit Write Glob Grep Bash(go:*) Bash(golangci-lint:*) Bash(git:*) ... Bash(gotests:*)
Review generated diffs and command results before accepting changes, and avoid approving destructive git actions such as reset, clean, commit, or push unless explicitly intended.
