Golang Testing
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a legitimate Go testing helper, with normal cautions around editing code, running test-related commands, installing an unpinned helper tool, and generating integration tests that may start local services.
Before installing, make sure you are comfortable with a coding helper that can edit repository files and run Go, gotests, lint, and git commands. Consider pinning or verifying the gotests dependency, review generated diffs before applying them, and run any Docker/database integration-test fixtures only against isolated test resources.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may edit tests or source files and run local Go, git, lint, or gotests commands in the working repository.
The skill grants file edit/write access and scoped command execution for Go testing and repository workflows. This fits the stated purpose, but it can still change project files and run local commands.
allowed-tools: Read Edit Write Glob Grep Bash(go:*) Bash(golangci-lint:*) Bash(git:*) Agent Bash(gotests:*) AskUserQuestion
Review generated diffs and keep git operations limited to what you explicitly intend, especially for mutating actions such as commit, reset, clean, or push.
Installing the skill may install a changing upstream version of gotests on the user's machine.
The install step pulls a remote Go tool at @latest, so the installed code can change over time. The dependency is directly related to the testing purpose, but it is not version-pinned.
go | package: github.com/cweill/gotests/gotests@latest | creates binaries: gotests
Verify the upstream gotests project and consider pinning a known-good version if you need reproducible or higher-assurance installs.
Generated or copied integration tests could start containers, bind local ports, and clear tables in the configured test database when those integration tests are run.
The integration-testing reference shows test code that starts local Docker Compose services and resets database tables. This is expected for isolated integration tests and is shown with an integration build tag, but it has local environment impact if adopted.
cmd := exec.Command("docker-compose", "-f", "testdata/docker-compose.yml", "up", "-d") ... s.db.Exec("TRUNCATE TABLE orders, users CASCADE")Use isolated test databases, confirm ports and connection strings, and keep integration tests behind explicit build tags such as `//go:build integration`.
More than one agent process may review parts of the repository during audit mode.
The skill may fan out an audit to multiple sub-agents. The scope is bounded and purpose-aligned, but users should understand that additional agent workers may inspect project context during an audit.
Audit mode — ... Launch up to 3 parallel sub-agents split by concern
Use audit mode only on repositories you are comfortable sharing with the agent environment, and narrow the requested audit scope when working with sensitive code.