Rails TDD Standards
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: rails-tdd-standards Version: 1.1.0 The skill bundle provides standard RSpec and FactoryBot best practices for Rails applications, including guidance on Rails 8 updates and CI configuration. The content in SKILL.md is purely educational, focusing on testing patterns, mocking external services like Stripe, and proper database setup for CI environments. No malicious code, data exfiltration, or harmful instructions were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied or run in the wrong environment, a database setup command could affect application data or schema state.
The skill includes an executable Rails database setup command. It is clearly presented as CI/test setup, which fits the stated testing purpose, but it changes the test database schema and should not be run against non-test environments.
- run: bundle exec rails db:schema:load RAILS_ENV=test
Keep this command limited to CI or RAILS_ENV=test, and confirm with the user before making database-related workflow changes.
An agent could suggest or apply a CSRF/forgery-protection change too broadly if the user does not review the context.
The skill labels disabling Rails forgery protection as the Rails 8 pattern. This may be legitimate in specific test or API contexts, but the snippet is security-sensitive and not scoped in the visible text.
# ✅ Rails 8 skip_forgery_protection
Only use this pattern when the user explicitly wants that behavior and the target context is appropriate; do not apply it as a generic fix in production-facing controllers.