ClawHub
Back to skill
v1.0.0

Nextjs Performance Analyzer

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:45 AM.

Analysis

The skill appears benign: it provides disclosed, purpose-aligned instructions to inspect and build a Next.js project for performance analysis.

GuidanceThis skill is suitable for auditing a Next.js app, but expect it to inspect local project files and potentially run `npx next build`. Use it in the correct project folder and avoid running builds for untrusted repositories.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
SKILL.md
cat next.config.js 2>/dev/null || cat next.config.mjs 2>/dev/null || cat next.config.ts 2>/dev/null
cat package.json ...
ls app/ pages/ 2>/dev/null
find app/ -name "page.tsx"

The skill directs the agent to use local shell commands to inspect project configuration and source layout. This is expected for a Next.js analyzer, but it is still local project file access users should be aware of.

User impactThe agent may read parts of your project configuration and source tree to produce the audit.
RecommendationUse it in the intended Next.js project directory and avoid running it on repositories containing unrelated sensitive files if you do not want those files inspected.
Unexpected Code Execution
SeverityLowConfidenceHighStatusNote
SKILL.md
npx next build 2>&1 | tail -30

The skill recommends running a Next.js build to analyze bundle output. This is central to the stated purpose, but building a project can execute project build logic and create local build artifacts.

User impactThe audit may run your project's build process, which can take time and may generate or update the .next build directory.
RecommendationRun it only on projects you trust and expect to build locally; review project build scripts if you are analyzing unfamiliar code.