Security best practices and vulnerability prevention for Golang. Covers injection (SQL, command, XSS), cryptography, filesystem safety, network security, cookies, secrets management, memory safety, and logging. Apply when writing, reviewing, or auditing Go code for security, or when working on any risky code involving crypto, I/O, secrets management, user input handling, or authentication. Includes configuration of security tools.
Score: 87
Does it follow best practices? 85%
Impact: 91%
1.15x average score across 3 eval scenarios
Passed: no known issues
Scenario: Secure session cookie management in Go
  No hardcoded session key: 100% / 100%
  Session key from env: 100% / 60%
  Two keys to NewCookieStore: 0% / 0%
  Cookie HttpOnly: 100% / 100%
  Cookie Secure: 100% / 100%
  Cookie SameSite: 100% / 100%
  Server ReadTimeout: 100% / 100%
  Server WriteTimeout: 100% / 100%
  Server IdleTimeout: 100% / 100%
  No PII in logs: 100% / 100%
  No client header auth trust: 100% / 100%
  Generic error responses: 100% / 100%
Scenario: Secure ZIP extraction with path traversal and bomb protection
  ZipSlip path validation: 80% / 100%
  Decompression size limit: 91% / 100%
  Sentinel error for size limit: 0% / 100%
  os.CreateTemp for temp files: 100% / 100%
  Temp file cleanup: 100% / 100%
  User path confinement: 100% / 100%
  Restrictive file permissions: 20% / 100%
  No strings.HasPrefix traversal check: 0% / 100%
  HTTP server timeouts: 0% / 0%
  Generic error to client: 42% / 42%
Scenario: JWT auth API with secure SQL, password hashing, and structured logging
  Parameterized SQL: 100% / 100%
  Argon2id or bcrypt hashing: 100% / 100%
  No math/rand for secrets: 100% / 100%
  JWT algorithm pinning: 100% / 100%
  JWT secret from env: 100% / 100%
  DB connection from env: 100% / 100%
  No password in logs: 100% / 100%
  Structured logging (slog): 100% / 100%
  Generic HTTP errors: 100% / 100%
  Constant-time comparison: 100% / 100%
  Server timeouts set: 0% / 100%
a5e0e59