by 安全扫描
OpenClaw
安全
high confidenceThis is an instruction-only Next.js App Router best-practices skill whose requirements and instructions are consistent with its stated purpose; nothing in the bundle asks for unrelated credentials, installs, or hidden endpoints.
评估建议
This skill is a documentation-style, instruction-only guide for Next.js App Router and is internally consistent with that purpose. It does include deployment and integration examples that show env variable names and connectors (Redis, S3/AWS, analytics/CDNs). That is normal for a guide — but before you copy-run any example code, make sure you: (1) do not paste secrets into public repos or consoles, (2) provide real credentials only in secure runtime environments, and (3) review any third‑party s...详细分析 ▾
✓ 用途与能力
Name/description (Next.js App Router guidance) align with the content: large SKILL.md and many reference docs containing patterns, code snippets, and deployment guidance. The skill requests no binaries, env vars, or installs, which is proportionate for a documentation/guide skill.
ℹ 指令范围
Runtime instructions are guidance-only (examples, code snippets, and an install hint for 'npx clawhub install nextjs'). Reference files include examples that access process.env (e.g., REDIS_URL, CACHE_BUCKET, DATABASE_URL) and third-party services (Cloudinary, Google Analytics) but these are demonstrative for deployment examples rather than directives for the agent to read local secrets or exfiltrate data. Reviewers should be aware copying examples into production without validating env handling can leak secrets, but the skill itself does not instruct the agent to access unrelated system files or secrets.
✓ 安装机制
No install spec and no code to download/execute. Instruction-only skills are lowest-risk from an install mechanism perspective.
ℹ 凭证需求
The skill declares no required environment variables or credentials (none in requires.env). Several sample snippets and deployment examples reference common env names (REDIS_URL, AWS_REGION, CACHE_BUCKET, DATABASE_URL, API_SECRET). These are reasonable illustrative examples for a Next.js guide but are not required by the skill; users should not paste these examples into a project without supplying appropriate, secure credentials.
✓ 持久化与权限
Flags show always:false and no install actions that modify system or other skills. disable-model-invocation is false (agent can invoke autonomously) which is the platform default; this is not combined with any other persistent or privileged behavior.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/2/10
Initial release with best practices and reference guides for Next.js App Router. - Comprehensive SKILL.md covers Server/Client Components, data fetching, caching, routing, middleware, metadata, error handling, and performance for Next.js 14–16+. - Added 14 detailed reference files in /references for async APIs, bundling, data patterns, file conventions, error handling, font/image optimization, hydration errors, metadata, parallel routes, route handlers, and more. - Includes decision trees, code examples, tables, and checklists for real-world scenarios and debugging. - Designed to help avoid common pitfalls and apply the latest Next.js features and patterns.
● 无害
安装命令
点击复制官方npx clawhub@latest install nextjs-guidelines
镜像加速npx clawhub@latest install nextjs-guidelines --registry https://cn.longxiaskill.com