Go Vuln Info Disclosure
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: go-vuln-info-disclosure Version: 0.1.0 The skill bundle 'go-vuln-info-disclosure' is a legitimate security auditing tool designed to help an AI agent identify information disclosure vulnerabilities in Go source code. It provides comprehensive detection strategies, specific grep commands for identifying sensitive data sinks (like %+v logging or K8s Secret exposure), and detailed real-world case studies (e.g., CVE-2021-36782 in Rancher and CVE-2024-28175 in Argo CD) to provide context. The instructions in SKILL.md are strictly aligned with its stated purpose and do not contain any malicious prompt injection or exfiltration logic.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may guide the agent to search source code for credentials or secret-related fields during an audit.
The skill provides shell grep commands for finding sensitive-data handling in Go code. These commands are purpose-aligned and limited to local code inspection, but they may surface secrets if run on real repositories.
grep -rn 'log\.Print\|logrus\.\|zap\.\|logger\.' --include="*.go" | grep -i 'secret\|password\|token\|credential\|key'
Use it only for authorized code reviews and avoid copying discovered secrets into logs, chats, tickets, or public reports.