nextjs-security-scan_skill

This skill performs a security scan for Next.js projects, identifying OWASP risks, secrets exposure, and dependency CVEs to deliver actionable findings.
  • Python

61

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill sugarforever/01coder-agent-skills --skill nextjs-security-scan

  • SKILL.md5.3 KB

Overview

This skill performs comprehensive security scanning for Next.js and TypeScript/JavaScript projects, producing actionable findings prioritized by severity. It detects OWASP Top 10 issues, XSS and injection patterns, authentication flaws, hardcoded secrets, dependency CVEs, and Next.js-specific misconfigurations. Reports are formatted for CI/CD ingestion and developer remediation.

How this skill works

The scanner discovers project type and important files (Next.js config, package manifests, env templates, middleware, API routes) and maps the codebase. It runs a dependency audit, secret scanning (skipping real .env files by default), pattern analysis against curated vulnerability references, and classifies findings by severity. The tool outputs human-readable findings and machine-friendly formats (SARIF/JSON) with code snippets, risk explanations, and remediation steps.

When to use it

  • Pre-deployment security checks for Next.js applications
  • Code review or security audit of Next.js / React codebases
  • Dependency vulnerability and CVE assessments before releases
  • Detecting hardcoded secrets and poorly documented env templates
  • Targeted scans for XSS, injection, auth, or Next.js-specific issues

Best practices

  • Run a Quick Scan in CI for every PR and a Full Scan on main builds
  • Keep real .env files out of version control; scan only .env.example or templates by default
  • Use targeted flags (e.g., --xss, --deps) for focused assessments in code review
  • Prioritize CRITICAL and HIGH findings for immediate fixes; track MEDIUM/LOW in backlog
  • Integrate SARIF/JSON outputs into code scanning and ticketing workflows

Example use cases

  • Automated PR gate: block merge if Critical or High issues are found
  • Security review sprint: run Full Scan across monorepo to prioritize fixes
  • Secret hygiene check: scan for hardcoded keys and improve .env.example docs
  • Dependency sweep: detect known CVEs and generate upgrade suggestions
  • Targeted XSS audit: run --xss to find and remediate client-side rendering risks

FAQ

No. Real .env files are skipped by default to avoid exposing secrets; only templates like .env.example are analyzed unless you explicitly enable env scanning.

What formats can the report be exported to?

Reports can be generated as human-readable markdown, SARIF for GitHub Code Scanning, or JSON for custom CI/CD integrations.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational