ClawHub

Golang Dependency Management

v1.1.2

Provides dependency management strategies for Golang projects including go.mod management, installing/upgrading packages, semantic versioning, Minimal Versio...

0· 113·0 current·0 all-time
bySamuel Berthe@samber
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requested bits: it needs the Go toolchain and govulncheck, and its advice and workflows focus on go.mod, go.sum, govulncheck, govulncheck-driven CI, vendoring, and visualizing module graphs. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md gives concrete, scoped instructions for dependency operations, auditing, and CI integration. It explicitly requires asking the user before adding dependencies and instructs use of govulncheck, go mod tidy, etc. It does not instruct reading arbitrary files or exfiltrating secrets, nor does it reference environment variables beyond the declared tools.
Install Mechanism
The only install spec is a go install for golang.org/x/vuln/cmd/govulncheck@latest — a standard, traceable install from an official golang.org package. This writes a binary (govulncheck) into the user's Go bin path, which is appropriate and expected for the skill's purpose.
Credentials
No environment variables, credentials, or config paths are requested. The declared tool requirements (go, govulncheck) are proportional to a dependency-management skill.
Persistence & Privilege
Flags show always:false and no unusual persistence. disable-model-invocation is false (normal), and the skill does not claim or request the ability to modify other skills or system-wide configs.
Assessment
This skill appears coherent and focused: it teaches and enforces safe Go dependency practices and installs govulncheck from an official golang.org package. Before installing, ensure you are comfortable with the skill installing a govulncheck binary into your Go bin directory and that your environment's GOPATH/GOBIN are set as you expect. Note the skill permits autonomous invocation (the platform default) — review your agent's permissions/policies if you do not want agents to act without confirmation. Finally, because this is instruction-only (no bundled code), the primary runtime action is installing/using govulncheck and running go commands; if you prefer, confirm the agent will always ask before running go get (the skill mandates that behavior).

Like a lobster shell, security has layers — review code before you run it.

latestvk979j49aa2mhmz00akd4y6e2d983z771

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📦 Clawdis
Binsgo, govulncheck

Install

Go
Bins: govulncheck

Comments