netresearch/go-development
skills/go-development/SKILL.md
Use when developing Go applications, implementing job schedulers or cron, Docker API integrations, LDAP/AD clients, building resilient services with retry logic, setting up Go test suites (unit/integration/fuzz/mutation), running golangci-lint, or optimizing Go performance.
$ install --global
skillsauthnpx skillsauth add netresearch/go-development-skill go-developmentInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 29, 2026, 6:45 AM120.2s21 files scanned
SKILL.md
- name:
- go-development
- description:
- Use when developing Go applications, implementing job schedulers or cron, Docker API integrations, LDAP/AD clients, building resilient services with retry logic, setting up Go test suites (unit/integration/fuzz/mutation), running golangci-lint, or optimizing Go performance.
- license:
- (MIT AND CC-BY-SA-4.0). See LICENSE-MIT and LICENSE-CC-BY-SA-4.0
- compatibility:
- Requires go 1.21+, golangci-lint, docker.
- author:
- Netresearch DTT GmbH
- version:
- 1.12.0
- repository:
- https://github.com/netresearch/go-development-skill
- allowed-tools:
- Bash(go:*) Bash(make:*) Bash(docker:*) Bash(golangci-lint:*) Read Write Glob Grep
Go Development Patterns
Required Workflow
For reviews, invoke related skills: security-audit (OWASP), enterprise-readiness (OpenSSF/SLSA), github-project (branch protection). A review is NOT complete until all are executed.
Core Principles
Type Safety
- Avoid:
interface{}(useany),sync.Map, scattered type assertions, reflection - Prefer: Generics
[T any],errors.AsType[T](Go 1.26), concrete types - Run
go fix ./...after upgrades
Consistency
- One pattern per problem domain
- Match existing codebase patterns
- Refactor holistically or not at all
- Config precedence: defaults < config file < env vars < flags
Testing
- Build tags isolate test tiers: unit (default),
integration,e2e - Always use
t.Parallel(),t.Helper(), table-driven subtests - Use
log/slogdirectly -- never wrap it in custom Logger interfaces
Conventions
- Errors: lowercase, no punctuation (
errors.New("invalid input")) - Naming: ID, URL, HTTP (not Id, Url, Http)
- Error wrapping:
fmt.Errorf("failed to process: %w", err)
References
Git hooks: ls lefthook.yml 2>/dev/null && lefthook install || echo "Add lefthook — see references/lefthook-template.md"
Load as needed:
| Reference | Purpose |
|-----------|---------|
| references/architecture.md | Package structure, config management, middleware chains |
| references/logging.md | Structured logging with log/slog, migration from logrus |
| references/cron-scheduling.md | go-cron patterns: named jobs, runtime updates, context, resilience |
| references/resilience.md | Retry logic, graceful shutdown, context propagation |
| references/docker.md | Docker client patterns, buffer pooling |
| references/ldap.md | LDAP/Active Directory integration |
| references/testing.md | Test strategies, build tags, table-driven tests |
| references/linting.md | golangci-lint v2, staticcheck, code quality |
| references/api-design.md | Bitmask options, functional options, builders |
| references/fuzz-testing.md | Go fuzzing patterns, security seeds |
| references/contracts-and-invariants.md | Contracts, invariants, property tests |
| references/mutation-testing.md | Gremlins configuration, test quality measurement |
| references/makefile.md | Standard Makefile interface for CI/CD |
| references/modernization.md | Go 1.26 modernizers, go fix, errors.AsType[T], wg.Go() |
| references/lefthook-template.md | Ready-to-use lefthook.yml for Go project git hooks |
| references/reusable-workflows.md | Reusable Actions workflow callers, permission propagation, release-gate outputs |
| references/single-build-release.md | Single-build release: cross-compile once, reuse for release+container |
Quality Gates
Run before completing any review:
golangci-lint run --timeout 5m # Linting
go vet ./... # Static analysis
staticcheck ./... # Additional checks
govulncheck ./... # Vulnerability scan
go test -race ./... # Race detection
Stdlib Vulnerability Fixes
When govulncheck reports stdlib vulnerabilities: check fix version via vuln.go.dev, update go X.Y.Z in go.mod, run go mod tidy. Use PR branches for repos with branch protection.
Contributing: Submit improvements to https://github.com/netresearch/go-development-skill
Related Skills
openclaw/taskflow
tools
VerifiedTrustedCommunity
Use when work should span one or more detached tasks but still behave like one job with a single owner context. TaskFlow is the durable flow substrate under authoring layers like Lobster, ACPX, plugins, or plain code. Keep conditional logic in the caller; use TaskFlow for flow identity, child-task linkage, waiting state, revision-checked mutations, and user-facing emergence.
357,764SKILL.mdUpdated Apr 10, 2026
openclaw/extensions/lobster
tools
VerifiedTrustedCommunity
# Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (send, post, delete) - Multiple tool calls should run as one deterministic operation ## When to use Lobster | User intent | Use Lobster? | | ------------------------------------------------------ | --------------------------
357,764SKILL.mdUpdated Apr 10, 2026
steipete/extensions/lobster
tools
VerifiedTrustedCommunity
# Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (send, post, delete) - Multiple tool calls should run as one deterministic operation ## When to use Lobster | User intent | Use Lobster? | | ------------------------------------------------------ | --------------------------
357,588SKILL.mdUpdated Apr 13, 2026
steipete/xurl
tools
VerifiedTrustedCommunity
A CLI tool for making authenticated requests to the X (Twitter) API. Use this skill when you need to post tweets, reply, quote, search, read posts, manage followers, send DMs, upload media, or interact with any X API v2 endpoint.
356,423SKILL.mdUpdated Apr 13, 2026