Back to skill

Security audit

Golang Samber Mo

Security checks across malware telemetry and agentic risk

Overview

This is a Go coding helper for the samber/mo library with no hidden install or data-handling behavior; the main caveat is broad activation wording.

Install this if you want an agent to help with Go code that uses or is intentionally adopting samber/mo. Review any suggested dependency additions and code edits, especially if you were only discussing general Go error handling or nil-safety rather than this specific library.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill description includes activation criteria broader than the specific `github.com/samber/mo` library, such as applying during general adoption discussions and functional programming safety design in Go. In an agent environment, this can cause the skill to auto-activate in unrelated Golang contexts, increasing prompt surface area, creating instruction collisions, and potentially biasing code changes beyond the intended library-specific scope.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.