Remote OpenClaw
Menu

OpenClaw · Skill

Go Security Vulnerability

Use Go tooling to identify, assess, and fix security vulnerabilities in Go modules. This skill helps detect and remediate vulnerabilities while maintaining application functionality.

Security & Passwords
v0.1.0
VirusTotal: Benign

Install

Start with the primary install command. Alternate entrypoints are included below for ClawHub and OpenClaw CLI users.

Primary command

clawhub install irook661/go-security-vulnerability

ClawHub installer

npx clawhub@latest install irook661/go-security-vulnerability

OpenClaw CLI

openclaw skills install irook661/go-security-vulnerability

Direct OpenClaw install

openclaw install irook661/go-security-vulnerability
View source

What this skill does

Use Go tooling to identify, assess, and fix security vulnerabilities in Go modules. This skill helps detect and remediate vulnerabilities while maintaining application functionality.

Why it matters

govulncheck uses the Go vulnerability database and call graph analysis to report only vulnerabilities reachable in your code, reducing noise compared to generic dependency scanners.

Typical use cases

  • Auditing a Go project before a production release
  • Fixing a flagged CVE in a transitive dependency
  • Checking whether a vulnerable function is actually called in your code
  • Updating JWT libraries after a security advisory
  • Setting up a routine vulnerability scan in a Go monorepo

Source instructions

Go Security Vulnerability Skill

Use Go tooling to identify, assess, and fix security vulnerabilities in Go modules. This skill helps detect and remediate vulnerabilities while maintaining application functionality.

Vulnerability Detection

Scan for vulnerabilities in your Go project:

go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...

Check specific modules for known vulnerabilities:

govulncheck -show verbose ./...

Assessment Process

  1. Identify Affected Packages: Determine which dependencies contain vulnerabilities
  2. Check Severity: Review the CVE details and potential impact
  3. Verify Usage: Confirm if the vulnerable functions are actually used in your code
  4. Plan Remediation: Choose the appropriate fix strategy

Common Fix Strategies

Direct Dependency Update

Update vulnerable packages to secure versions:

go get -u vulnerable/package@latest
go mod tidy

Transitive Dependency Handling

For vulnerabilities in transitive dependencies:

go mod why vulnerable/package  # Understand why it's included
go mod edit -replace vulnerable/package=newer-version  # Replace if needed
go mod tidy

Removal Strategy

If a dependency is unused or can be replaced:

  1. Remove direct imports of the vulnerable code
  2. Run go mod tidy to clean up unused dependencies
  3. Verify application functionality remains intact

Verification Steps

After applying fixes:

# Verify no vulnerabilities remain
govulncheck ./...

# Ensure application still builds
go build ./...

# Run tests to verify functionality
go test ./...

Common Vulnerabilities

JWT Libraries

  • Issue: github.com/golang-jwt/jwt GO-2025-3553 (excessive memory allocation)
  • Fix: Update to newer version or switch to golang.org/x/oauth2 alternatives

Standard Library Updates

  • Keep Go version updated for security patches
  • Run go vuln to check for stdlib vulnerabilities

Best Practices

  • Regularly scan dependencies with govulncheck
  • Keep dependencies updated with go get -u
  • Use go mod tidy to remove unused dependencies
  • Test thoroughly after vulnerability fixes
  • Monitor for new vulnerabilities with automated tools

Related OpenClaw skills

Browse all →

OpenClaw Skill

Gandi Skill

2.1K1

OpenClaw Skill

Dashlane

1.8K1

OpenClaw Skill

Glin Profanity

1.5K1

OpenClaw Skill

Feelgoodbot

1.2K1
Featured slot

Your product here

Reserve this slot to reach operators and coding-agent buyers.

Shown where builders are actively comparing tools and deployment options.

Advertise