go-security-vulnerability

Identify, assess, and fix security vulnerabilities in Go modules using govulncheck. Handle common vulnerabilities like JWT issues and ensure application stability during fixes.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "go-security-vulnerability" with this command: npx skills add irook661/go-security-vulnerability

Go Security Vulnerability Skill

Use Go tooling to identify, assess, and fix security vulnerabilities in Go modules. This skill helps detect and remediate vulnerabilities while maintaining application functionality.

Vulnerability Detection

Scan for vulnerabilities in your Go project:

go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...

Check specific modules for known vulnerabilities:

govulncheck -show verbose ./...

Assessment Process

  1. Identify Affected Packages: Determine which dependencies contain vulnerabilities
  2. Check Severity: Review the CVE details and potential impact
  3. Verify Usage: Confirm if the vulnerable functions are actually used in your code
  4. Plan Remediation: Choose the appropriate fix strategy

Common Fix Strategies

Direct Dependency Update

Update vulnerable packages to secure versions:

go get -u vulnerable/package@latest
go mod tidy

Transitive Dependency Handling

For vulnerabilities in transitive dependencies:

go mod why vulnerable/package  # Understand why it's included
go mod edit -replace vulnerable/package=newer-version  # Replace if needed
go mod tidy

Removal Strategy

If a dependency is unused or can be replaced:

  1. Remove direct imports of the vulnerable code
  2. Run go mod tidy to clean up unused dependencies
  3. Verify application functionality remains intact

Verification Steps

After applying fixes:

# Verify no vulnerabilities remain
govulncheck ./...

# Ensure application still builds
go build ./...

# Run tests to verify functionality
go test ./...

Common Vulnerabilities

JWT Libraries

  • Issue: github.com/golang-jwt/jwt GO-2025-3553 (excessive memory allocation)
  • Fix: Update to newer version or switch to golang.org/x/oauth2 alternatives

Standard Library Updates

  • Keep Go version updated for security patches
  • Run go vuln to check for stdlib vulnerabilities

Best Practices

  • Regularly scan dependencies with govulncheck
  • Keep dependencies updated with go get -u
  • Use go mod tidy to remove unused dependencies
  • Test thoroughly after vulnerability fixes
  • Monitor for new vulnerabilities with automated tools

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Server Audit

Reads server hardware, Proxmox/Linux OS info, temperatures, SMART status, ECC errors, RAID, disks, network stats, services, and logs without making changes.

Registry SourceRecently Updated
2340polumish
Security

Complianceradar Ai Monitor

Monitor regulatory changes across SEC, FDA, FINRA, and GDPR with AI impact assessment. Use when the user needs compliance tracking, policy updates, audit tra...

Registry SourceRecently Updated
2270ncreighton
Security

Soc2 Evidence Collector

Generate SOC2 evidence collection checklists, automate evidence gathering scripts, and produce audit-ready evidence packages. Covers all 5 Trust Service Crit...

Registry SourceRecently Updated
2370afrexai-cto
Security

Forum Scout

Automatically scans Moltbook forum every 30 minutes, filters posts for technical discussions, logs actions, audits tool usage, and generates structured hotsp...

Registry SourceRecently Updated
2350Profile unavailable