mihaicrisan04/clerk-nextjs-patterns
.agents/skills/clerk-nextjs-patterns/SKILL.md
Advanced Next.js patterns - middleware, Server Actions, caching with Clerk.
tools
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add mihaicrisan04/zalem clerk-nextjs-patternsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 6:56 PM12.5s7 files scanned
SKILL.md
- name:
- clerk-nextjs-patterns
- description:
- Advanced Next.js patterns - middleware, Server Actions, caching with Clerk.
- license:
- MIT
- allowed-tools:
- WebFetch
- author:
- clerk
- version:
- 2.1.0
Next.js Patterns
Version: Check
package.jsonfor the SDK version — seeclerkskill for the version table. Core 2 differences are noted inline with> **Core 2 ONLY (skip if current SDK):**callouts.
For basic setup, see setup/.
Impact Levels
- CRITICAL - Breaking bugs, security holes
- HIGH - Common mistakes
- MEDIUM - Optimization
References
| Reference | Impact |
| ------------------------------------- | ---------------------------------------------------------------------------------- |
| references/server-vs-client.md | CRITICAL - await auth() vs hooks |
| references/middleware-strategies.md | HIGH - Public-first vs protected-first, proxy.ts (Next.js <=15: middleware.ts) |
| references/server-actions.md | HIGH - Protect mutations |
| references/api-routes.md | HIGH - 401 vs 403 |
| references/caching-auth.md | MEDIUM - User-scoped caching |
Mental Model
Server vs Client = different auth APIs:
- Server:
await auth()from@clerk/nextjs/server(async!) - Client:
useAuth()hook from@clerk/nextjs(sync)
Never mix them. Server Components use server imports, Client Components use hooks.
Key properties from auth():
isAuthenticated— boolean, replaces the!!userIdpatternsessionStatus—'active'|'pending', for detecting incomplete session tasksuserId,orgId,orgSlug,has(),protect()— unchanged
Core 2 ONLY (skip if current SDK):
isAuthenticatedandsessionStatusare not available. Check!!userIdinstead.
Minimal Pattern
// Server Component
import { auth } from '@clerk/nextjs/server'
export default async function Page() {
const { isAuthenticated, userId } = await auth() // MUST await!
if (!isAuthenticated) return <p>Not signed in</p>
return <p>Hello {userId}</p>
}
Core 2 ONLY (skip if current SDK):
isAuthenticatedis not available. Useif (!userId)instead.
Conditional Rendering with <Show>
For client-side conditional rendering based on auth state:
import { Show } from "@clerk/nextjs";
<Show when="signed-in" fallback={<p>Please sign in</p>}>
<Dashboard />
</Show>;
Core 2 ONLY (skip if current SDK): Use
<SignedIn>and<SignedOut>components instead of<Show>. Seecustom-ui/core-3/show-component.mdfor the full migration table.
Common Pitfalls
| Symptom | Cause | Fix |
| -------------------------------------- | ------------------------- | ---------------------------------------- | ------------------------------------------------------ |
| undefined userId in Server Component | Missing await | await auth() not auth() |
| Auth not working on API routes | Missing matcher | Add '/(api | trpc)(.\*)'toproxy.ts(Next.js <=15:middleware.ts) |
| Cache returns wrong user's data | Missing userId in key | Include userId in unstable_cache key |
| Mutations bypass auth | Unprotected Server Action | Check auth() at start of action |
| Wrong HTTP error code | Confused 401/403 | 401 = not signed in, 403 = no permission |
See Also
setup/orgs/
Docs
Next.js SDK
Related Skills
mihaicrisan04/web-design-guidelines
development
VerifiedTrustedCommunity
Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices".
SKILL.mdUpdated Apr 16, 2026
mihaicrisan04/vercel-react-best-practices
development
VerifiedTrustedCommunity
React and Next.js performance optimization guidelines from Vercel Engineering. This skill should be used when writing, reviewing, or refactoring React/Next.js code to ensure optimal performance patterns. Triggers on tasks involving React components, Next.js pages, data fetching, bundle optimization, or performance improvements.
SKILL.mdUpdated Apr 16, 2026
mihaicrisan04/vercel-composition-patterns
development
VerifiedTrustedCommunity
React composition patterns that scale. Use when refactoring components with boolean prop proliferation, building flexible component libraries, or designing reusable APIs. Triggers on tasks involving compound components, render props, context providers, or component architecture. Includes React 19 API changes.
SKILL.mdUpdated Apr 16, 2026
mihaicrisan04/turborepo
tools
VerifiedTrustedCommunity
Turborepo monorepo build system guidance. Triggers on: turbo.json, task pipelines, dependsOn, caching, remote cache, the "turbo" CLI, --filter, --affected, CI optimization, environment variables, internal packages, monorepo structure/best practices, and boundaries. Use when user: configures tasks/workflows/pipelines, creates packages, sets up monorepo, shares code between apps, runs changed/affected packages, debugs cache, or has apps/packages directories.
SKILL.mdUpdated Apr 16, 2026