Go Vuln Info Disclosure
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only Go security-audit checklist with no executable code, install steps, credentials, persistence, or hidden data flows.
This skill appears safe to install as an instruction-only audit aid. When using it, keep reviews limited to authorized repositories and handle any discovered credentials or sensitive findings carefully.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may guide the agent to search source code for credentials or secret-related fields during an audit.
The skill provides shell grep commands for finding sensitive-data handling in Go code. These commands are purpose-aligned and limited to local code inspection, but they may surface secrets if run on real repositories.
grep -rn 'log\.Print\|logrus\.\|zap\.\|logger\.' --include="*.go" | grep -i 'secret\|password\|token\|credential\|key'
Use it only for authorized code reviews and avoid copying discovered secrets into logs, chats, tickets, or public reports.