golang-security

Security best practices and vulnerability prevention for Golang. Covers injection (SQL, command, XSS), cryptography, filesystem safety, network security, cookies, secrets management, memory safety, and logging. Apply when writing, reviewing, or auditing Go code for security, or when working on any risky code involving crypto, I/O, secrets management, user input handling, or authentication. Includes configuration of security tools.

1.10x

Quality

85%

Does it follow best practices?

Impact

98%

1.10x

Average score across 3 eval scenarios

Securityby

Passed

No known issues

Evaluation results

95%

25%

Document Archive Handler

Filesystem path traversal and permission safety

Criteria

Without context

With context

os.Root for download path

46%

100%

os.Root for upload path

50%

100%

No HasPrefix-only traversal check

50%

100%

Zip ZipSlip validation

60%

100%

Zip error on invalid entry

100%

os.CreateTemp for temp files

100%

Temp file cleanup

100%

Restrictive file permissions

100%

Restrictive directory permissions

100%

Generic HTTP error messages

20%

50%

100%

Production-Ready API Server Infrastructure

HTTP server hardening: timeouts, headers, pprof, rate limiting

Criteria

Without context

With context

ReadTimeout set

100%

WriteTimeout set

100%

IdleTimeout set

100%

Pprof not on public server

100%

Content-Security-Policy header

100%

Strict-Transport-Security header

100%

X-Frame-Options header

100%

X-Content-Type-Options header

100%

Rate limiting with x/time/rate

100%

Request body size limit

100%

Payment Gateway Integration Service

Secrets from env vars and PII-safe structured logging

Criteria

Without context

With context

No hardcoded DB credentials

100%

No hardcoded API key

100%

Secrets from os.Getenv

100%

Missing secrets validation

100%

log/slog for structured logging

100%

No credentials in logs

100%

No PII in logs

100%

Detailed errors logged server-side

100%

Generic errors returned to caller

100%

.gitignore excludes secret files

60%

100%

Repository: samber/cc-skills-golang
Commit: 8c7e016

Evaluated: 6 days ago
Agent: Claude Code
Model: Claude Sonnet 4.6

Table of Contents

Document Archive Handler Production-Ready API Server Infrastructure Payment Gateway Integration Service

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.