📦 Next Best Practices — Next最佳实践
v0.1.0一站式梳理 Next.js 官方推荐范式:文件命名、RSC 边界、数据获取、异步 API、元数据、错误处理、路由处理器、图片字体优化与打包策略,帮助团队快速落地高性能、可维护的现代 Web 应用。
2· 1.8k·26 当前·29 累计
by 下载技能包
最后更新
2026/4/21
安全扫描
OpenClaw
安全
high confidenceThis is an instruction-only Next.js best-practices guide (no install, no credentials) and its required/declared surface matches the stated purpose; only developer-facing debug examples (local MCP endpoint, reading local font files) merit caution if the agent is permitted network or filesystem access.
评估建议
This skill is a documentation-only Next.js best-practices bundle and is coherent with its description. It does not request credentials or install software. Two practical cautions: (1) the debug-tricks.md section shows how to call a local dev endpoint (/_next/mcp) which can return project paths, routes, logs and other development metadata — only allow the agent to make network requests to localhost if you trust it and its environment; (2) several examples show reading local files (fonts, assets) ...详细分析 ▾
✓ 用途与能力
Name/description match the provided files: the repository is a collection of Next.js guidance (file conventions, RSC boundaries, routing, images/fonts, bundling, etc.). No unrelated environment variables, binaries, or install steps are requested. All files are documentation/examples consistent with a linter/guide style skill.
ℹ 指令范围
SKILL.md and the included files are human-oriented guidance and code samples for writing Next.js apps. Most instructions stay on-topic. One notable section (debug-tricks.md) documents using the local dev MCP endpoint (/_next/mcp) with curl and lists RPC tools that can reveal project paths, dev server URL, routes, errors, and log file locations. Those are legitimate developer debugging steps but — if an agent were given network access to localhost or filesystem access — they would allow it to query local dev servers and learn local paths and runtime data. The files also contain code samples that read local files (e.g., readFile for custom fonts) which are examples, not code the skill automatically runs.
✓ 安装机制
No install specification and no code to write to disk — lowest-risk posture. This is instruction-only; the skill will not fetch or execute third‑party binaries during install.
ℹ 凭证需求
The skill declares no required environment variables, credentials, or config paths. However, the documentation includes examples that access local resources (dev server endpoints, local font files, .next logs). Those examples do not require you to provide secrets, but if the agent is allowed to make network requests to localhost or read files, it could obtain local project metadata and logs — so the requested surface remains proportionate to the stated purpose but operational permissions granted to the agent change the risk.
✓ 持久化与权限
No 'always: true', no install-time writes, and nothing in the files attempts to modify other skills or global agent config. The skill is not requesting persistent privileges beyond normal agent invocation.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.02026/2/20
Initial release summarizing Next.js best practices: - Covers file conventions, project structure, and special routing patterns. - Documents RSC (React Server Component) boundaries and async API patterns. - Provides guidance on error handling, metadata generation, and image/font optimization. - Details bundling, script usage, hydration errors, and Suspense requirements. - Includes recommendations for route handlers, data patterns, self-hosting, and debug tips.
● 可疑
安装命令
点击复制官方npx clawhub@latest install next-best-practices
镜像加速npx clawhub@latest install next-best-practices --registry https://cn.longxiaskill.com