ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

i18n (Internationalization) guideline skills for nextjs web development

v1.0.0

Internationalization (i18n) guide for Next.js / Node.js web applications using the App Router. Covers translation file structure, locale routing, SEO metadat...

0· 472·1 current·1 all-time
by@javainthinking
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill name/description (Next.js i18n guidance) matches the content: it documents file layout, middleware, hooks, metadata, JSON-LD, and sitemap patterns. All referenced files/paths (src/app/[lang], src/lib/i18n, dictionaries, sitemap.ts, middleware.ts) are appropriate for the stated purpose.
Instruction Scope
SKILL.md contains detailed code patterns and explicit file paths that stay within the scope of adding i18n to a Next.js App Router project. It instructs reading locale JSONs, using getDictionary/useDictionary, modifying layout/page generateMetadata, middleware locale detection, and sitemap generation. Two things to note: (1) it suggests using process.env.NEXT_PUBLIC_APP_URL (with a fallback) — the guide assumes an env var may exist but doesn't require it; (2) it uses client-side DOM updates and dangerouslySetInnerHTML for JSON-LD (JSON.stringify is used in examples, which is safe for structured data, but inserting untrusted HTML elsewhere could be an XSS risk).
Install Mechanism
There is no install spec and no code files with executable install steps — this is instruction-only content, which is lowest install risk.
Credentials
The skill declares no required env vars and requests no credentials, which is appropriate. The instructions reference process.env.NEXT_PUBLIC_APP_URL (with a default fallback) — this is reasonable and optional but technically an environment access not declared in requires.env. No sensitive secrets are requested. Client-side use of localStorage is expected for locale persistence.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modify other skills. It prescribes only application-level file and code changes within the Next.js project.
Assessment
This guide appears coherent and safe for implementing i18n in a Next.js App Router project. Before applying it: 1) Ensure your project matches the App Router structure the guide assumes (src/app/[lang], server vs client components). 2) If you set NEXT_PUBLIC_APP_URL in env, confirm it's the correct public base URL; the examples fall back to a literal default if the env var is missing. 3) Watch out for XSS: structured-data examples use JSON.stringify (safe), but avoid placing untrusted HTML into dangerouslySetInnerHTML or translation strings that may contain markup. 4) The guide recommends never using machine translation for production copy — follow your org's localization and review processes. If you need the skill to perform any automated actions (editing files, running scripts), require an explicit install or code-based tool instead of following the prose directly.

Like a lobster shell, security has layers — review code before you run it.

latestvk9731yed92mq5thzrp4h052da581sshj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments