web-nextjs

Provides expertise in building and deploying web applications with Next.js 15, focusing on modern features like App Router and server actions.

Security score: 77/100

The web-nextjs skill was audited on Mar 1, 2026 and we found 7 security issues across 3 threat categories. Review the findings below before installing.

Security Issues

medium line 39

Fetch to external URL

Source: SKILL.md
39: - API routes: Define in app/api/route.js, e.g., export async function GET(request) { const data = await fetch('https://api.example.com'); return Response.json(data); }.

medium line 30

Webhook reference - potential data exfiltration

Source: SKILL.md
30: - Vercel Deployment: Deploy apps with zero-config via Vercel CLI; supports automatic ISR invalidation through webhooks.

medium line 40

Access to .env file

Source: SKILL.md
40: - Config formats: Edit next.config.js for custom settings, e.g., module.exports = { images: { domains: ['example.com'] }, experimental: { appDir: true } }; use .env.local for env vars like NEXT_PUBLIC

medium line 44

Access to .env file

Source: SKILL.md
44: Integrate databases like PostgreSQL via Prisma: install @prisma/client, run `npx prisma migrate dev`, and use in server actions with env var $DATABASE_URL for connection strings. For auth, use NextAut

low line 38

External URL reference

Source: SKILL.md
38: - Build and deploy: `next build` for production build, then `vercel --prod` for deployment; use Vercel API endpoint like POST https://api.vercel.com/v13/now/deployments?teamId=$VERCEL_TEAM_ID with JSO

low line 39

External URL reference

Source: SKILL.md
39: - API routes: Define in app/api/route.js, e.g., export async function GET(request) { const data = await fetch('https://api.example.com'); return Response.json(data); }.

low line 40

External URL reference

Source: SKILL.md
40: - Config formats: Edit next.config.js for custom settings, e.g., module.exports = { images: { domains: ['example.com'] }, experimental: { appDir: true } }; use .env.local for env vars like NEXT_PUBLIC

Scanned on Mar 1, 2026