Back to skill
Skillv0.1.0
ClawScan security
Dhh Rails Style · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 4, 2026, 3:12 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- An instruction-only, style-and-guidance skill for writing Ruby/Rails in DHH/37signals conventions; it contains no installs, no required credentials, and its requirements align with its stated purpose.
- Guidance
- This is an instruction-only style guide: it contains detailed, opinionated examples for how to structure Rails apps in DHH/37signals fashion and does not request credentials, install software, or run code. It's internally coherent and safe to read/use as guidance, but be cautious before applying patterns wholesale—some suggestions have security/operational implications (e.g., custom magic-link auth vs. Devise, database-backed queues/caches instead of Redis, hard deletes, using params to set Current.account, cookie scoping). Review those design choices against your project's security, compliance, and operational needs before adopting them.
Review Dimensions
- Purpose & Capability
- okName/description match the skill content: all files are style guidance and reference examples for Rails apps. Nothing requested (no env, no binaries, no installs) is out of proportion to a coding-style/reference skill.
- Instruction Scope
- okSKILL.md instructs the agent to read included references and apply patterns to user-provided Ruby/Rails code. It does not instruct reading unrelated system files, environment secrets, or sending data to external endpoints.
- Install Mechanism
- okNo install spec and no code files to execute. Instruction-only skills are lowest risk; there are no downloads or archive extracts.
- Credentials
- okThe skill declares no required env vars or credentials. Some example snippets reference ENV.fetch and configuration ENV names (typical in application examples), but those are illustrative and not required by the skill itself.
- Persistence & Privilege
- okFlags show default invocation behavior (not always:true). The skill does not request permanent presence or modify other skills or system configs.