go-security-vulnerability
Identify, assess, and fix security vulnerabilities in Go modules using govulncheck. Handle common vulnerabilities like JWT issues and ensure application stability during fixes.
Best use case
go-security-vulnerability is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using go-security-vulnerability should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/go-security-vulnerability/SKILL.md inside your project
- Restart your AI agent — it will auto-discover the skill
How go-security-vulnerability Compares
| Feature / Agent | go-security-vulnerability | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Identify, assess, and fix security vulnerabilities in Go modules using govulncheck. Handle common vulnerabilities like JWT issues and ensure application stability during fixes.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Go Security Vulnerability Skill

Use Go tooling to identify, assess, and fix security vulnerabilities in Go modules. This skill helps detect and remediate vulnerabilities while maintaining application functionality.

## Vulnerability Detection

Scan for vulnerabilities in your Go project:

```bash
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
```

Check modules for known vulnerabilities with verbose output:

```bash
govulncheck -show verbose ./...
```

## Assessment Process

1. **Identify Affected Packages**: Determine which dependencies contain vulnerabilities
2. **Check Severity**: Review the CVE details and potential impact
3. **Verify Usage**: Confirm if the vulnerable functions are actually used in your code
4. **Plan Remediation**: Choose the appropriate fix strategy

## Common Fix Strategies

### Direct Dependency Update

Update vulnerable packages to secure versions:

```bash
go get -u vulnerable/package@latest
go mod tidy
```

### Transitive Dependency Handling

For vulnerabilities in transitive dependencies:

```bash
# Understand why the module is included
go mod why -m vulnerable/package
# Replace if needed (vX.Y.Z stands for the fixed version)
go mod edit -replace vulnerable/package=vulnerable/package@vX.Y.Z
go mod tidy
```

### Removal Strategy

If a dependency is unused or can be replaced:

1. Remove direct imports of the vulnerable code
2. Run `go mod tidy` to clean up unused dependencies
3. Verify application functionality remains intact

## Verification Steps

After applying fixes:

```bash
# Verify no vulnerabilities remain
govulncheck ./...

# Ensure application still builds
go build ./...

# Run tests to verify functionality
go test ./...
```

## Common Vulnerabilities

### JWT Libraries

- Issue: `github.com/golang-jwt/jwt` GO-2025-3553 (excessive memory allocation)
- Fix: Update to newer version or switch to `golang.org/x/oauth2` alternatives

### Standard Library Updates

- Keep Go version updated for security patches
- Run `govulncheck ./...` to check for stdlib vulnerabilities

## Best Practices

- Regularly scan dependencies with `govulncheck`
- Keep dependencies updated with `go get -u`
- Use `go mod tidy` to remove unused dependencies
- Test thoroughly after vulnerability fixes
- Monitor for new vulnerabilities with automated tools
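For the "Verify Usage" step of the assessment process above, the following added example (not part of the original SKILL.md or the govulncheck project) reads a `govulncheck -json` stream and reports, per OSV ID, whether the vulnerable code is actually called, only imported, or merely required by `go.mod`. The JSON key names reflect the tool's output format as assumed here, the level names `required`/`imported`/`called` are this example's own labels, and the sample stream, the `GO-0000-*` IDs and `ExampleFunc` are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Constructed sample of a `govulncheck -json` stream (not real scanner output).
const sample = `{"progress":{"message":"constructed"}}
{"finding":{"osv":"GO-2025-3553","trace":[{"module":"github.com/golang-jwt/jwt"}]}}
{"finding":{"osv":"GO-2025-3553","trace":[{"module":"github.com/golang-jwt/jwt","package":"github.com/golang-jwt/jwt","function":"ExampleFunc"}]}}
{"finding":{"osv":"GO-0000-0001","trace":[{"module":"example.com/dep","package":"example.com/dep/codec"}]}}
{"finding":{"osv":"GO-0000-0002","trace":[{"module":"example.com/other"}]}}`

type message struct { // only the fields used below; key names are assumed
	Finding *struct {
		OSV   string                               `json:"osv"`
		Trace []struct{ Package, Function string } `json:"trace"`
	} `json:"finding"`
}

var rank = map[string]int{"required": 0, "imported": 1, "called": 2} // weakest to strongest

// Triage returns, per OSV ID, the strongest reachability level among its findings.
func Triage(r io.Reader) (map[string]string, error) {
	best := map[string]string{}
	for dec := json.NewDecoder(r); dec.More(); {
		var m message
		if err := dec.Decode(&m); err != nil {
			return nil, err
		}
		if m.Finding == nil || len(m.Finding.Trace) == 0 {
			continue // progress, config and osv messages carry no finding
		}
		top, level := m.Finding.Trace[0], "required" // frame 0 is the vulnerable code
		if top.Function != "" {
			level = "called" // a vulnerable function is reachable from your code
		} else if top.Package != "" {
			level = "imported" // package is imported, no vulnerable symbol reached
		}
		if cur, ok := best[m.Finding.OSV]; !ok || rank[level] > rank[cur] {
			best[m.Finding.OSV] = level
		}
	}
	return best, nil
}

func main() { fmt.Println(Triage(strings.NewReader(sample))) }
```

Findings at the `called` level are the ones to remediate first; `required` and `imported` findings still warrant an update but are not reachable through the code paths the scanner analysed.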