sdcorejs-review-security-nextjs

Community

Audit Next.js security before release.

Author: sdcorejs
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Prevents Next.js-specific security failures by detecting missing authentication, secret leakage, insecure headers, injection vectors, and unsafe redirects before shipping.

Core Features & Use Cases

  • Cross-track baseline + Next.js checks: Runs review/security/shared.md first, then evaluates Next.js-specific risks like NEXT_PUBLIC_* leaks, Server Actions access control, and route handler auth.
  • Frontend injection and policy validation: Flags unsanitized dangerouslySetInnerHTML, missing/weak Content-Security-Policy, and missing security response headers.
  • Misconfiguration and abuse surface checks: Looks for middleware matcher gaps, overly broad next/image remotePatterns, open redirects, and contact-form spam/rate-limit handling.

Quick Start

Run the sdcorejs-review-security-nextjs skill to audit a Next.js codebase. It produces Critical/Important/Minor findings, each with an OWASP mapping and grep evidence.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Copy and paste the text below into Claude Code.

Please help me install this Skill:
Name: sdcorejs-review-security-nextjs
Download link: https://github.com/sdcorejs/sdcorejs-agent/archive/main.zip#sdcorejs-review-security-nextjs

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.