Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

clownnvd/nextjs

Name: nextjs
Author: clownnvd

nextjs/SKILL.md

npx skillsauth add clownnvd/claude-code-skills nextjs

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Next.js 16 — App Router

When to Use

Trigger on: next.js, nextjs, app router, server components, client components, use cache, proxy.ts, middleware migration, RSC, streaming, PPR, cacheComponents, route handler, server action, params, searchParams, cookies, headers, Suspense, cacheLife, cacheTag, revalidatePath, revalidateTag, next.config, turbopack, webpack.

Reference Files

| File | Description | |------|-------------| | references/breaking-changes.md | 12 v15→v16 breaking changes, codemods, route segment replacements, CVE-2025-66478 | | references/best-practices.md | Server/Client components, data fetching, caching, proxy, forms, auth, async APIs, performance | | references/errors-critical-high.md | ERR-001 to ERR-014 — CRITICAL and HIGH severity errors with code fixes | | references/errors-medium-low.md | ERR-015 to ERR-037 — MEDIUM and LOW severity errors, CVE summary | | references/ecosystem.md | Prisma 7, Better Auth, Polar, @react-pdf, Anthropic SDK, Tailwind v4 compatibility | | references/patches.md | 6 postinstall patches + 3 config workarounds for Next.js 16.1.6 | | references/quick-cards.md | 11 quick reference cards (A-K): data fetching, caching, forms, proxy, env vars, DO/DON'T |

Error Quick Lookup

| ID | Error | Severity | |----|-------|----------| | ERR-001 | CVE-2025-66478 RCE (CVSS 10.0) | CRITICAL | | ERR-002 | Async params/searchParams TypeError | CRITICAL | | ERR-003 | middleware.ts silently ignored | CRITICAL | | ERR-004 | htmlLimitedBots build crash | CRITICAL | | ERR-005 | useContext null in global-error | CRITICAL | | ERR-006 | Turbopack + webpack config conflict | HIGH | | ERR-007 | Uncached data outside Suspense | HIGH | | ERR-008 | SWC options undefined (16.1.6) | HIGH | | ERR-009 | Missing NextRequest/Response stubs | HIGH | | ERR-010 | Dynamic APIs inside cache scope | HIGH | | ERR-011 | "use cache" prerender timeout | HIGH | | ERR-012 | Route segment config + cacheComponents | HIGH | | ERR-013 | Functions passed to Client Components | HIGH | | ERR-014 | useState/useContext null in build | HIGH |

For ERR-015 to ERR-037, see references/errors-medium-low.md.

Top 5 Breaking Changes

| # | Change | Fix | |---|--------|-----| | 1 | middleware.ts → proxy.ts | Rename file + function. Codemod: npx @next/codemod@canary middleware-to-proxy . | | 2 | Async request APIs | await params, await cookies(). Codemod: npx @next/codemod next-async-request-api . | | 3 | fetch not cached by default | Add { cache: 'force-cache' } explicitly | | 4 | Turbopack is default bundler | Use --webpack flag to revert | | 5 | Route segment configs removed | Replace with 'use cache' + cacheLife() |

Key Patterns

Async Request APIs (v16)

// Server Component
const { slug } = await params
const { q } = await searchParams
const cookieStore = await cookies()

// Route Handler
export async function GET(_req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  const { id } = await params
}

Caching

async function getData(id: string) {
  'use cache'
  cacheTag(`item-${id}`)
  return db.item.findUnique({ where: { id } })
}

// Invalidate in Server Action
'use server'
async function updateItem(id: string) {
  await db.item.update(...)
  revalidatePath('/items')   // BEFORE redirect
  redirect('/items')
}

Proxy (formerly Middleware)

// src/proxy.ts
export function proxy(request: NextRequest) {
  const token = request.cookies.get('session')?.value
  if (!token && request.nextUrl.pathname.startsWith('/dashboard'))
    return NextResponse.redirect(new URL('/login', request.url))
  return NextResponse.next()
}
export const config = { matcher: ['/dashboard/:path*'] }

Security

CVE-2025-66478 (CVSS 10.0 — RCE): Unauthenticated RCE via Next-Action header deserialization. Fix: pnpm add [email protected]+.

clownnvd/nextjs

nextjs/SKILL.md

Next.js 16 App Router patterns, proxy.ts, use cache, async APIs, 37 documented errors with fixes, ecosystem compatibility, postinstall patches.

development

Updated Apr 4, 2026

$ install --global

skillsauth

npx skillsauth add clownnvd/claude-code-skills nextjs

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 24, 2026, 7:48 AM4.7s1 file scanned

SKILL.md

name:: nextjs
description:: Next.js 16 App Router patterns, proxy.ts, use cache, async APIs, 37 documented errors with fixes, ecosystem compatibility, postinstall patches.

Next.js 16 — App Router

When to Use

Reference Files

Error Quick Lookup

For ERR-015 to ERR-037, see references/errors-medium-low.md.

Top 5 Breaking Changes

Key Patterns

Async Request APIs (v16)

// Server Component
const { slug } = await params
const { q } = await searchParams
const cookieStore = await cookies()

// Route Handler
export async function GET(_req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
  const { id } = await params
}

Caching

async function getData(id: string) {
  'use cache'
  cacheTag(`item-${id}`)
  return db.item.findUnique({ where: { id } })
}

// Invalidate in Server Action
'use server'
async function updateItem(id: string) {
  await db.item.update(...)
  revalidatePath('/items')   // BEFORE redirect
  redirect('/items')
}

Proxy (formerly Middleware)

// src/proxy.ts
export function proxy(request: NextRequest) {
  const token = request.cookies.get('session')?.value
  if (!token && request.nextUrl.pathname.startsWith('/dashboard'))
    return NextResponse.redirect(new URL('/login', request.url))
  return NextResponse.next()
}
export const config = { matcher: ['/dashboard/:path*'] }

Security

CVE-2025-66478 (CVSS 10.0 — RCE): Unauthenticated RCE via Next-Action header deserialization. Fix: pnpm add [email protected]+.

Related Skills

clownnvd/seo-geo-on-top

testing

VerifiedTrustedCommunity

Battle-tested SEO+GEO playbook to rank on page 1 and get cited by AI answer engines. Use when writing or optimizing posts, adding JSON-LD schema, fixing technical SEO, or diagnosing rankings.

1SKILL.mdUpdated Jun 7, 2026

clownnvd/seo-geo-on-top

clownnvd/zustand-pro

tools

VerifiedTrustedCommunity

Zustand v5 state management for Next.js 16. Store patterns, middleware (persist/immer/devtools), SSR hydration, CV editor multi-step wizard, 20 documented errors. Triggers: zustand, store, state management, useState replacement, global state, persist, immer.

SKILL.mdUpdated Apr 4, 2026

clownnvd/vercel-react-best-practices

development

VerifiedTrustedCommunity

React and Next.js performance optimization guidelines from Vercel Engineering. This skill should be used when writing, reviewing, or refactoring React/Next.js code to ensure optimal performance patterns. Triggers on tasks involving React components, Next.js pages, data fetching, bundle optimization, or performance improvements.

SKILL.mdUpdated Apr 4, 2026

clownnvd/vercel-react-best-practices

clownnvd/ultimateuiux

development

VerifiedTrustedCommunity

Ultimate UI/UX design intelligence with real app flow knowledge. 93 styles, 121 palettes, 81 font pairings, 35 charts, 79 components, 62 animations, 65 WCAG criteria, 46 responsive patterns, 46 dark mode rules, 60 design tokens, 13 stacks. PLUS: Claude.ai full UI blueprint (19 flows, all screens), PageFlows app patterns. Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check, clone, recreate, rebuild. Styles: glassmorphism, brutalism, neumorphism, bento, dark mode, view transitions, scroll-driven, container queries, AI-native, liquid glass, neo-minimalism, mesh gradient, geometric abstraction. Topics: color, accessibility, animation, layout, typography, spacing, shadow, gradient, responsive, dark mode, WCAG 2.2, design tokens, components, spring physics, kinetic typography, container queries, popover API, semantic tokens. Apps: claude.ai, ChatGPT-style, AI chat UI, SaaS dashboard.

SKILL.mdUpdated Apr 4, 2026

clownnvd/ultimateuiux

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/clownnvd/claude-code-skills.git

# Copy into Claude Code skills folder (global)
cp -r claude-code-skills/nextjs ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

clownnvd/claude-code-skills

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT