Rails TDD Standards
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied or run in the wrong environment, a database setup command could affect application data or schema state.
The skill includes an executable Rails database setup command. It is clearly presented as CI/test setup, which fits the stated testing purpose, but it changes the test database schema and should not be run against non-test environments.
- run: bundle exec rails db:schema:load RAILS_ENV=test
Keep this command limited to CI or RAILS_ENV=test, and confirm with the user before making database-related workflow changes.
An agent could suggest or apply a CSRF/forgery-protection change too broadly if the user does not review the context.
The skill labels disabling Rails forgery protection as the Rails 8 pattern. This may be legitimate in specific test or API contexts, but the snippet is security-sensitive and not scoped in the visible text.
# ✅ Rails 8 skip_forgery_protection
Only use this pattern when the user explicitly wants that behavior and the target context is appropriate; do not apply it as a generic fix in production-facing controllers.
