Go Install

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Go installer guide, with the main caveat that it suggests permanent shell configuration changes users should review first.

Before installing, confirm your CPU architecture, download from the official Go site, consider verifying the published checksum, and review any ~/.bashrc or ~/.profile additions so they do not conflict with an existing Go installation. Prefer the current patched Go release rather than blindly using the example version.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill instructs users to append environment variable exports to ~/.bashrc without warning that this creates persistent changes to future shell sessions. While the commands are not inherently malicious, modifying startup files can have lasting side effects, affect other tooling, and is risky in an agent-executed context because it changes the host environment beyond the immediate task.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal