audit-nextjs-server-actions
CommunityTighten Next.js Server Actions with robust checks.
Software Engineering#authorization#security#authentication#nextjs#input-validation#csrf#server-actions
AuthorShankulkarni
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Many Next.js applications rely on Server Actions without proper authentication, input validation, or CSRF protection, creating attack surfaces where server endpoints can be called publicly or with insufficient checks.
Core Features & Use Cases
- Identifies server actions that run with 'use server' without authentication checks.
- Flags unvalidated inputs passed to database or external calls.
- Detects data over-fetching from server actions and missing cache invalidation patterns like revalidatePath.
- Provides actionable remediation steps and best-practice guidance for securing Next.js Server Actions in App Router.
- Use Case: A team auditing a Next.js app that uses server actions across pages to ensure only authenticated users can mutate data.
Quick Start
Review Next.js Server Actions and implement recommended security patterns (auth checks, input validation, error handling) to protect server endpoints.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: audit-nextjs-server-actions Download link: https://github.com/Shankulkarni/vibe-audit/archive/main.zip#audit-nextjs-server-actions Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.