Nextjs
Analysis
This is an instruction-only Next.js guidance skill with purpose-aligned examples, though users should review migration commands and avoid copying examples that display session tokens.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
Run: `npx @next/codemod@canary upgrade latest` ... `npm install next@latest react@latest react-dom@latest`
The skill recommends user-directed canary/latest package and codemod commands. This is aligned with Next.js migration guidance, but unpinned package execution and dependency upgrades should be reviewed before running.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
const token = cookieStore.get('session'); ... <p>Session: {token?.value}</p>The examples demonstrate reading and rendering cookie/session token values. This is relevant to the async cookies() API topic, but real applications should not display session secrets.