ClawHub

Nextjs

v1.0.0

Next.js App Router best practices — Server Components, data fetching, caching, routing, middleware, metadata, error handling, streaming, Server Actions, and performance optimization for Next.js 14-16+.

0· 910·2 current·2 all-time
by@wpank
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Next.js App Router guidance) align with the content: large SKILL.md and many reference docs containing patterns, code snippets, and deployment guidance. The skill requests no binaries, env vars, or installs, which is proportionate for a documentation/guide skill.
Instruction Scope
Runtime instructions are guidance-only (examples, code snippets, and an install hint for 'npx clawhub install nextjs'). Reference files include examples that access process.env (e.g., REDIS_URL, CACHE_BUCKET, DATABASE_URL) and third-party services (Cloudinary, Google Analytics) but these are demonstrative for deployment examples rather than directives for the agent to read local secrets or exfiltrate data. Reviewers should be aware copying examples into production without validating env handling can leak secrets, but the skill itself does not instruct the agent to access unrelated system files or secrets.
Install Mechanism
No install spec and no code to download/execute. Instruction-only skills are lowest-risk from an install mechanism perspective.
Credentials
The skill declares no required environment variables or credentials (none in requires.env). Several sample snippets and deployment examples reference common env names (REDIS_URL, AWS_REGION, CACHE_BUCKET, DATABASE_URL, API_SECRET). These are reasonable illustrative examples for a Next.js guide but are not required by the skill; users should not paste these examples into a project without supplying appropriate, secure credentials.
Persistence & Privilege
Flags show always:false and no install actions that modify system or other skills. disable-model-invocation is false (agent can invoke autonomously) which is the platform default; this is not combined with any other persistent or privileged behavior.
Assessment
This skill is a documentation-style, instruction-only guide for Next.js App Router and is internally consistent with that purpose. It does include deployment and integration examples that show env variable names and connectors (Redis, S3/AWS, analytics/CDNs). That is normal for a guide — but before you copy-run any example code, make sure you: (1) do not paste secrets into public repos or consoles, (2) provide real credentials only in secure runtime environments, and (3) review any third‑party service URLs or SDK usage to avoid unintended data exposure. If you want extra caution, inspect the exact snippets you plan to use and test them in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk976dzc5tf5svq3xcg2223cy5x80w9b8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments