⚠️Install with caution. This skill has very few installs. Always review the source and verify it on clawhub.ai before installing. Community-built skills run with agent permissions — only install ones you trust.

📐 API & Code Quality

Go Vuln Info Disclosurev0.1.0

Name: Go Vuln Info Disclosure
Author: yhy0

go-vuln-info-disclosure

yhy0

Use when auditing Go code involving logging, error handling, HTTP response data, Kubernetes Secret management, or credential storage. Covers CWE-200/532/522/...

latest

Download Package View on ClawHub

Installs (all time)

Installs (current)

Downloads

466

Stars

CreatedMar 14, 2026

UpdatedMay 1, 2026

Install & Quick Start

Install via ClawdBot CLI:

clawdbot install yhy0/go-vuln-info-disclosure

Skill Package2 files

📋SKILL.mdmarkdown

Failed to load file.

Quality Score

C42/100

Grade Limited — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.

Market Validation1/35

· No tracked installs (may still have manual users)
· 80 downloads (minimal demand)

Documentation16/25

· SKILL.md present
· Detailed documentation (≥3000 chars)
· Detailed summary

Package Completeness6/15

· skillAssets present (1 files)

Security Analysis

🔴 High Risk

CREDENTIAL_ACCESShigh

Accesses sensitive credential files or environment variables

/etc/passwd

UNDOCUMENTED_EXTERNALlow

Calls external URL not in known-safe list

https://user:[email protected]`）

AI Analysis

The skill is a static detection guide for auditing Go code vulnerabilities; it contains no executable code, runtime instructions, or mechanisms to send data. The 'external URL' signal is a false positive from a grep pattern example within the detection strategy text.

Audited Apr 18, 2026 · audit v1.0

💡

Usage Guide

Generated Mar 21, 2026

Security EngineersDevOps ProfessionalsSoftware Developersintermediate

💡 Application Scenarios

Cloud-Native Application Security AuditFinancial Services

Auditing a Go-based microservices application deployed on Kubernetes, focusing on logging and error handling to prevent exposure of database credentials and API tokens in production logs. This scenario is common in fintech or healthcare industries where sensitive data must be protected under regulations like GDPR or HIPAA.

DevOps Toolchain Vulnerability AssessmentTechnology

Evaluating tools like Argo CD or Rancher for information disclosure risks, such as cluster secrets leaking in API responses or logs during deployment workflows. This scenario targets organizations using CI/CD pipelines in tech or e-commerce sectors to ensure secure automation.

API Gateway and Service Mesh InspectionSoftware as a Service (SaaS)

Analyzing Go services within a service mesh (e.g., Istio) to detect sensitive data in HTTP responses and error messages that could expose user tokens or internal configurations. Relevant for SaaS companies handling multi-tenant data in cloud environments.

Containerized Application Logging ReviewLogistics

Reviewing containerized Go applications for log exposure of Kubernetes Secrets or environment variables, especially in logging frameworks like logrus or zap. This scenario applies to logistics or manufacturing industries using IoT devices with embedded Go code.

Open-Source Library Security ScanCybersecurity

Scanning popular Go libraries for vulnerabilities like missing json:"-" tags in structs that could lead to credential leaks when serialized. This scenario is critical for cybersecurity firms or large enterprises relying on third-party dependencies in their software supply chain.

💼 Business Models

Security Consulting ServicesProject fees ranging from $10,000 to $50,000 per audit

Offering specialized audits for Go applications to identify and remediate information disclosure vulnerabilities, targeting clients in regulated industries. Revenue is generated through project-based fees and retainer contracts for ongoing security assessments.

SaaS-Based Vulnerability ScanningSubscription plans from $99 to $499 per month

Providing a cloud platform that automatically scans Go codebases for patterns like %+v formatting or K8s Secret exposures, with subscription plans for developers and DevOps teams. Revenue comes from monthly or annual subscriptions, with tiered pricing based on scan frequency and codebase size.

Training and Certification ProgramsCourse fees averaging $500 to $2,000 per participant

Developing courses and certifications focused on Go security best practices, including hands-on labs for detecting information disclosure issues. Revenue is generated through course sales, workshop fees, and certification exams for IT professionals and software engineers.

💬 Integration Tip

Integrate this skill into CI/CD pipelines using grep commands from the detection strategy to automate scans during code commits, ensuring early detection of vulnerabilities before deployment.