Back to skill

Security audit

Golang Troubleshooting

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Go troubleshooting guide with no executable payload, but users should avoid exposing secrets when following its debugging examples.

Reasonable to install for Go debugging. Before using it on production systems, redact API keys, database URLs, Authorization headers, cookies, and sensitive request or response bodies, and keep pprof/Delve access authenticated and temporary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guidance explicitly suggests inspecting environment variables including names like DATABASE and API_KEY, but it does not warn that environment dumps can expose live credentials in terminals, logs, screen shares, or pasted troubleshooting output. In a debugging skill, this increases the chance a user will reveal secrets while following the instructions, especially in production incidents where people copy command output verbatim.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guidance recommends dumping full HTTP requests and responses for debugging, which can capture sensitive material such as Authorization headers, cookies, session tokens, API keys, and request/response bodies containing personal or financial data. In a production-debugging context, operators may follow this literally during incidents, increasing the chance that secrets are written to logs, retained in log systems, or exposed to broader audiences than intended.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.