- Home
- Skills
- Sugarforever
- 01coder Agent Skills
- Nextjs Security Scan
nextjs-security-scan_skill
- Python
61
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill sugarforever/01coder-agent-skills --skill nextjs-security-scan- SKILL.md5.3 KB
Overview
This skill performs comprehensive security scanning for Next.js and TypeScript/JavaScript projects, producing actionable findings prioritized by severity. It detects OWASP Top 10 issues, XSS and injection patterns, authentication flaws, hardcoded secrets, dependency CVEs, and Next.js-specific misconfigurations. Reports are formatted for CI/CD ingestion and developer remediation.
How this skill works
The scanner discovers project type and important files (Next.js config, package manifests, env templates, middleware, API routes) and maps the codebase. It runs a dependency audit, secret scanning (skipping real .env files by default), pattern analysis against curated vulnerability references, and classifies findings by severity. The tool outputs human-readable findings and machine-friendly formats (SARIF/JSON) with code snippets, risk explanations, and remediation steps.
When to use it
- Pre-deployment security checks for Next.js applications
- Code review or security audit of Next.js / React codebases
- Dependency vulnerability and CVE assessments before releases
- Detecting hardcoded secrets and poorly documented env templates
- Targeted scans for XSS, injection, auth, or Next.js-specific issues
Best practices
- Run a Quick Scan in CI for every PR and a Full Scan on main builds
- Keep real .env files out of version control; scan only .env.example or templates by default
- Use targeted flags (e.g., --xss, --deps) for focused assessments in code review
- Prioritize CRITICAL and HIGH findings for immediate fixes; track MEDIUM/LOW in backlog
- Integrate SARIF/JSON outputs into code scanning and ticketing workflows
Example use cases
- Automated PR gate: block merge if Critical or High issues are found
- Security review sprint: run Full Scan across monorepo to prioritize fixes
- Secret hygiene check: scan for hardcoded keys and improve .env.example docs
- Dependency sweep: detect known CVEs and generate upgrade suggestions
- Targeted XSS audit: run --xss to find and remediate client-side rendering risks
FAQ
No. Real .env files are skipped by default to avoid exposing secrets; only templates like .env.example are analyzed unless you explicitly enable env scanning.
What formats can the report be exported to?
Reports can be generated as human-readable markdown, SARIF for GitHub Code Scanning, or JSON for custom CI/CD integrations.