go-security-vulnerability

Security & Passwords
v0.1.0
Benign

Identify, assess, and fix security.

11.5K downloads, 1.5K installs, by @irook661

Setup & Installation

Install command:

clawhub install irook661/go-security-vulnerability

If the CLI is not installed:

npx clawhub@latest install irook661/go-security-vulnerability

Or install with the OpenClaw CLI:

openclaw skills install irook661/go-security-vulnerability

Or paste the repo link into your assistant's chat:

https://github.com/openclaw/skills/tree/main/skills/irook661/go-security-vulnerability

What This Skill Does

Scans Go modules for known security vulnerabilities using govulncheck, identifies affected dependencies, and guides remediation through updates, replacements, or removals. Covers both direct and transitive dependencies, with verification steps to confirm fixes without breaking builds.

govulncheck uses the Go vulnerability database and call graph analysis to report only vulnerabilities reachable in your code, reducing noise compared to generic dependency scanners.

When to Use It

  • Auditing a Go project before a production release
  • Fixing a flagged CVE in a transitive dependency
  • Checking whether a vulnerable function is actually called in your code
  • Updating JWT libraries after a security advisory
  • Setting up a routine vulnerability scan in a Go monorepo
# Go Security Vulnerability Skill

Use Go tooling to identify, assess, and fix security vulnerabilities in Go modules. This skill helps detect and remediate vulnerabilities while maintaining application functionality.

## Vulnerability Detection

Scan for vulnerabilities in your Go project:

```bash
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
```

Show full detail for each finding, including the call traces that make a vulnerable function reachable from your code:

```bash
govulncheck -show verbose ./...
```

## Assessment Process

1. **Identify Affected Packages**: Determine which dependencies contain vulnerabilities
2. **Check Severity**: Review the CVE details and potential impact
3. **Verify Usage**: Confirm if the vulnerable functions are actually used in your code
4. **Plan Remediation**: Choose the appropriate fix strategy

## Common Fix Strategies

### Direct Dependency Update
Update vulnerable packages to secure versions:

```bash
go get -u vulnerable/package@latest  # -u also upgrades its dependencies; use @vX.Y.Z instead of @latest to pin exactly the fixed version the advisory names
go mod tidy
```

### Transitive Dependency Handling
For vulnerabilities in transitive dependencies:

```bash
go mod why vulnerable/package  # Understand which of your packages pulls it in
go get vulnerable/package@vX.Y.Z  # Raise the transitive requirement to the fixed version (vX.Y.Z is a placeholder)
go mod edit -replace vulnerable/package=vulnerable/package@vX.Y.Z  # Or pin via a replace directive; the right-hand side must be a module path plus version
go mod tidy
```

### Removal Strategy
If a dependency is unused or can be replaced:

1. Remove direct imports of the vulnerable code
2. Run `go mod tidy` to clean up unused dependencies
3. Verify application functionality remains intact

## Verification Steps

After applying fixes:

```bash
# Verify no vulnerabilities remain
govulncheck ./...

# Ensure application still builds
go build ./...

# Run tests to verify functionality
go test ./...
```

## Common Vulnerabilities

### JWT Libraries
- Issue: `github.com/golang-jwt/jwt` GO-2025-3553 (excessive memory allocation)
- Fix: Update to newer version or switch to `golang.org/x/oauth2` alternatives

### Standard Library Updates
- Keep Go version updated for security patches
- Run `govulncheck` (there is no `go vuln` subcommand) to check for stdlib vulnerabilities; it reports them against the Go toolchain version in use

## Best Practices

- Regularly scan dependencies with `govulncheck`
- Keep dependencies updated with `go get -u`
- Use `go mod tidy` to remove unused dependencies
- Test thoroughly after vulnerability fixes
- Monitor for new vulnerabilities with automated tools



Security Audits

VirusTotal: Benign
OpenClaw: Benign

These signals reflect official OpenClaw status values. A Suspicious status means the skill should be used with extra caution.

Details

Language: Markdown
Last updated: Feb 26, 2026