ClawHub

Golang Popular Libraries

v1.1.4

Recommends production-ready Golang libraries and frameworks. Apply when the user asks for library suggestions, wants to compare alternatives, or needs to cho...

0· 208·0 current·0 all-time
bySamuel Berthe@samber
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (recommend production-ready Go libraries) align with required resources: it only requires the 'go' binary and provides reference catalogs and guidance. Asking for 'go' is reasonable because the skill may check versions or module info.
Instruction Scope
SKILL.md is focused on recommending libraries and vetting maintenance/license/complexity. It does not instruct reading unrelated files or exfiltrating secrets. One minor content inconsistency exists across reference files: e.g., references/libraries.md calls lib/pq the 'gold standard' while evals.json contains tests that prefer pgx for many use cases; this is a documentation inconsistency rather than a security issue. The skill's allowed-tools include file write, bash (git), and web fetch/search — appropriate for checking maintenance and optionally editing go.mod, but these capabilities mean the agent could modify project files or fetch external pages at runtime, so review any automatic edits before accepting them.
Install Mechanism
No install spec (instruction-only). Nothing is downloaded or written to disk by an installer, which is the lowest-risk install posture.
Credentials
No environment variables, credentials, or config paths are requested. The absence of secrets is proportionate to a recommendation/cataloging skill.
Persistence & Privilege
always is false and the skill does not request persistent system privileges. The skill allows autonomous invocation (disable-model-invocation is false) which is the platform default; combined with its limited scope this is acceptable.
Assessment
This skill appears to do what it says: recommend vetted Go libraries and prefer the standard library when appropriate. Before installing or enabling it, note that the skill is allowed to run shell commands, read/write files, and fetch web pages — behavior that is reasonable if you want it to check maintenance, licenses, or to edit go.mod, but which could modify your repository automatically. If you plan to let the agent act autonomously, require review of any proposed code or dependency changes. Also be aware of minor documentation inconsistencies in the references (e.g., lib/pq vs pgx); verify important recommendations (performance, maintenance, license) by checking the library repos and release history yourself before committing changes.

Like a lobster shell, security has layers — review code before you run it.

latestvk97erxbmppnvnst54qn5avk925841qr4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📚 Clawdis
Binsgo

Comments