Oathe Security Badge

Is skill/go-security-vulnerability safe?

https://clawhub.ai/skill/go-security-vulnerability

95
SAFE

This is a legitimate educational skill providing documentation for Go security vulnerability scanning using standard tools like govulncheck. The skill contains only documentation content with no malicious behavior detected, though it includes an install script for Go that wasn't executed during testing.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 75/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (1)

MEDIUM Install script downloads external binaries -25

The skill metadata contains an install script that downloads Go 1.21.5 from golang.org and extracts it to /usr/local. While this is for legitimate Go installation, it represents code execution risk by downloading and extracting external binaries to system directories.