Django

v1.0.1

Avoid common Django mistakes — QuerySet evaluation, N+1 queries, migration conflicts, and ORM traps.

by Iván (@ivangdavila)
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (Django ORM, N+1, migrations, security) matches the provided markdown files; the only declared binary requirement is python3, which is reasonable for a Django-focused skill and no unrelated credentials or tools are requested.
Instruction Scope
SKILL.md and the included docs contain static guidance and do not instruct the agent to read system secrets, access external endpoints, or run arbitrary commands. There is no scope creep in the runtime instructions.
Install Mechanism
No install spec and no code files — this is instruction-only, so nothing is downloaded or written to disk during install.
Credentials
The skill requests no environment variables, credentials, or config paths; requested access is minimal and proportional to being a documentation skill.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent system presence or modify other skills or system-wide settings.
Assessment
This skill is a set of static Django best-practice notes and appears internally consistent. Because it is instruction-only (no install, no secrets requested), it carries low risk by itself. Before installing, consider: (1) verify the content matches your expected Django version and coding standards, (2) be cautious if you later combine this skill with other skills that can execute code or access files — those could change the risk profile, and (3) review the security.md recommendations in your own codebase (e.g., ensure SECRET_KEY and ALLOWED_HOSTS are handled properly).

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🌿 Clawdis
OS: Linux · macOS · Windows
Bins: python3
latest: vk977tgm5w77807616pbzcfanbs814k2a
1.3k downloads
2 stars
2 versions
Updated 1mo ago
MIT-0

Quick Reference

Topic | File
QuerySet lazy eval, N+1, transactions | orm.md
Request handling, middleware, context | views.md
Validation, CSRF, file uploads | forms.md
Migrations, signals, managers | models.md
XSS, CSRF, SQL injection, auth | security.md
Async views, ORM in async, channels | async.md

Critical Rules

  • QuerySets are lazy — iterating twice hits the DB twice; use list() to cache
  • select_related for FK/O2O, prefetch_related for M2M — otherwise you get N+1 queries
  • update() skips save() — no signals fire, no auto_now update
  • F() for atomic updates — F('count') + 1 avoids race conditions
  • get() raises DoesNotExist or MultipleObjectsReturned — use filter().first() for a safe lookup
  • DEBUG=False requires ALLOWED_HOSTS — 400 Bad Request without it
  • Forms need {% csrf_token %} — or 403 Forbidden on POST
  • auto_now can't be overridden — use default=timezone.now if you need to set the value manually
  • exclude(field=None) excludes NULL — use filter(field__isnull=True) for NULL
  • Circular imports in models — use string reference: ForeignKey('app.Model')
  • transaction.atomic() doesn't catch exceptions — errors still propagate
  • sync_to_async for ORM in async views — ORM is sync-only
