Nuke on Rails checks a Rails project with one command
A Reddit user introduced a skill that audits a Rails project with one command. The tool was inspired by a Cursor plugin and is focused on Rails security and code quality. The author says it runs deterministic scanners first, then returns one list of critical issues sorted by impact.
Key points
- The command shown for running the Rails audit is /nuke-on-rails.
- It checks CVEs, unsupported Ruby/Rails versions, missing authorization, and committed secrets.
- It looks for unsafe setup around SSL, CSP, CSRF, Sidekiq, PgHero, CORS, GraphQL, OAuth, and XXE.
- It also checks whether PII leaks into logs or LLM calls.
- The author says scanners run before the LLM review step.
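As an added illustration of the "deterministic scanners first, one list sorted by impact" workflow described above (example code written for this page, not the Nuke on Rails tool's own code), the following Ruby script runs three constructed rules (committed secrets, PII in log statements, force_ssl disabled) over a constructed sample project and returns the findings ordered by severity. The rules, file filters and sample files are all assumptions made for the demonstration.

```ruby
# Added illustrative example, not the Nuke on Rails code: a minimal deterministic
# pre-LLM scanner. Rules, file filters and sample files are all constructed here.
SEVERITY = { critical: 3, high: 2, medium: 1 }.freeze

# Each rule pairs a path filter with a line pattern, a severity and a message.
RULES = [
  { name: "committed_secret",
    files: %r{(\.env|secrets\.yml|database\.yml|initializers/.*\.rb)\z},
    pattern: /\b(secret_key_base|password|(aws_)?secret_access_key|api_key)\b\s*[:=]\s*["']?[A-Za-z0-9\/+_\-]{8,}/i,
    severity: :critical, message: "literal secret committed to the repository" },
  { name: "pii_in_logs", files: /\.rb\z/,
    pattern: /logger\.(info|debug|warn|error).*(email|ssn|phone|password|credit_card)/i,
    severity: :high, message: "PII written to a log statement" },
  { name: "ssl_not_forced", files: %r{config/environments/production\.rb\z},
    pattern: /config\.force_ssl\s*=\s*false/,
    severity: :medium, message: "force_ssl disabled in production" },
].freeze

# Runs every rule over every file and returns findings sorted by impact, then location.
def scan(files)
  findings = []
  files.each do |path, content|
    content.each_line.with_index(1) do |line, lineno|
      RULES.each do |rule|
        next unless path.match?(rule[:files]) && line.match?(rule[:pattern])
        findings << { rule: rule[:name], severity: rule[:severity], path: path,
                      line: lineno, message: rule[:message] }
      end
    end
  end
  findings.sort_by { |f| [-SEVERITY[f[:severity]], f[:path], f[:line]] }
end

# Constructed sample project; the ENV-backed password is deliberately not flagged.
SAMPLE_FILES = {
  "config/database.yml" => "development:\n  password: <%= ENV['DB_PASSWORD'] %>\n" \
                           "production:\n  password: s3cretDbPassw0rd\n",
  ".env" => "AWS_SECRET_ACCESS_KEY=AKIAEXAMPLEEXAMPLE1234\n",
  "config/environments/production.rb" => "config.force_ssl = false\n",
  "app/controllers/users_controller.rb" => <<~'RUBY',
    def create
      Rails.logger.info "signup #{params[:email]}"
      @user = User.create(user_params)
    end
  RUBY
}.freeze

scan(SAMPLE_FILES).each { |f| puts "[#{f[:severity].to_s.upcase}] #{f[:path]}:#{f[:line]} #{f[:message]}" }
```

Findings from the deterministic pass are the only thing handed on, which is what keeps the later review step from having to rediscover known-bad patterns.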
Quick term guide
- deterministic: Giving the same result every time when the input is the same.
- scanners: Tools that automatically check code or settings for known problems.
- Critical: A label for a very serious security issue.
- Solo makers: People who build and launch their own products or services entirely on their own.
- workflow: A repeatable set of steps for getting a task done.
- secrets: Private values such as API keys or passwords that should not be exposed.
- LLM calls: Requests sent to an AI language model like ChatGPT or Claude; more calls mean higher costs.
- LLM call: Sending a question or instruction to an AI language model (like ChatGPT or Claude) and receiving its response.