Go Vuln Info Disclosure

AdvisoryAudited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI02: Tool Misuse and Exploitation

What this means

The skill may guide the agent to search source code for credentials or secret-related fields during an audit.

Why it was flagged

The skill provides shell grep commands for finding sensitive-data handling in Go code. These commands are purpose-aligned and limited to local code inspection, but they may surface secrets if run on real repositories.

Skill content

grep -rn 'log\.Print\|logrus\.\|zap\.\|logger\.' --include="*.go" | grep -i 'secret\|password\|token\|credential\|key'

Recommendation

Use it only for authorized code reviews and avoid copying discovered secrets into logs, chats, tickets, or public reports.