What versions of Next.js are supported?

The skill is designed for modern Next.js applications and is compatible with both the App Router and the traditional Pages Router architectures.

Does this skill scan my actual .env files?

By default, the scanner skips real .env files (like .env.local) to protect sensitive secrets, focusing instead on .env.example templates for documentation quality and source code for hardcoded values.

Can I integrate this with my CI/CD pipeline?

Yes, the skill can generate security findings in formats compatible with GitHub Security Advisories and SARIF for automated code scanning integrations.

How are security findings prioritized?

Findings are classified into five severity levels: Critical, High, Medium, Low, and Info, each providing specific context on the risk and recommended remediation steps.

Does it detect vulnerable NPM packages?

Yes, it includes a dependency audit step that runs npm or yarn audit to identify packages with known vulnerabilities (CVEs) listed in your package.json.

Next.js Security Scanner

Name: Next.js Security Scanner
Author: sugarforever

bysugarforever

•

보안 및 테스팅

Audits Next.js applications for OWASP vulnerabilities, hardcoded secrets, and dependency risks to ensure production-grade security.

This skill empowers Claude to perform thorough security audits on Next.js and TypeScript projects by identifying OWASP Top 10 vulnerabilities, insecure patterns like dangerouslySetInnerHTML, and authentication flaws. It facilitates automated dependency CVE checks and scans for hardcoded secrets in source code while safely managing environment variables. By mapping codebase structures and analyzing patterns across both App and Pages routers, it generates detailed, actionable security reports that help developers remediate risks before deployment.

주요 기능

01Automated OWASP Top 10:2025 vulnerability detection

02Detailed severity-ranked security reports with remediation guidance

03Pattern-based analysis for XSS, SQL injection, and auth flaws

04Comprehensive dependency audits for known CVEs via npm/yarn

05Safe secret scanning for hardcoded credentials and .env templates

0619 GitHub stars

사용 사례

01Conducting pre-deployment security audits for Next.js production builds

02Identifying and patching vulnerable dependencies in TypeScript projects

03Reviewing code for common security pitfalls and hardcoded API keys

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sugarforever/01coder-agent-skills nextjs-security-scan

For use in Claude.ai and ChatGPT

주요 기능

01Automated OWASP Top 10:2025 vulnerability detection

02Detailed severity-ranked security reports with remediation guidance

03Pattern-based analysis for XSS, SQL injection, and auth flaws

04Comprehensive dependency audits for known CVEs via npm/yarn

05Safe secret scanning for hardcoded credentials and .env templates

0619 GitHub stars

사용 사례

01Conducting pre-deployment security audits for Next.js production builds

02Identifying and patching vulnerable dependencies in TypeScript projects

03Reviewing code for common security pitfalls and hardcoded API keys

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sugarforever/01coder-agent-skills nextjs-security-scan

For use in Claude.ai and ChatGPT