Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

monkilabs/nextjs-framework

Name: nextjs-framework
Author: monkilabs

src/orchestrator/plugins/nextjs/SKILL.md

npx skillsauth add monkilabs/opencastle nextjs-framework

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Next.js Framework

Critical Rule

Never use next/dynamic with { ssr: false } inside a Server Component. Extract the dynamic piece to a dedicated 'use client' component and import it from server components normally.

// ✅ Correct: wrap dynamic import in a 'use client' component
// components/MapClient.tsx
'use client';
import dynamic from 'next/dynamic';
const Map = dynamic(() => import('./Map'), { ssr: false });
export function MapClient(props: MapProps) { return <Map {...props} />; }

// Then import from a Server Component as normal:
// app/page.tsx
import { MapClient } from '@/components/MapClient';
export default function Page() { return <MapClient center={[0, 0]} />; }

Authenticated Routes

// app/dashboard/page.tsx
import { redirect } from 'next/navigation';
import { getSession } from '@/lib/auth';
export default async function Page() {
  const session = await getSession();
  if (!session) redirect('/login');
  // ... render dashboard
}

For middleware-based protection see REFERENCE.md § Middleware examples.

Server Actions

// app/actions.ts
'use server';
import { revalidatePath } from 'next/cache';
export async function updatePost(id: string, data: FormData) {
  await db.posts.update(id, Object.fromEntries(data));
  revalidatePath('/posts');
}

Data Fetching & Caching

// Server Component — cached by default; opt out with cache: 'no-store'
async function getPosts() {
  const res = await fetch('/api/posts', { next: { tags: ['posts'] } });
  return res.json() as Promise<Post[]>;
}
// On-demand revalidation: revalidateTag('posts') or revalidatePath('/posts')

Caching tiers (request memo → data cache → full route cache → router cache) and revalidation patterns are in REFERENCE.md § Caching Details.

Adding an Authenticated Route — Checklist

Create app/<route>/page.tsx as an async Server Component.

Validate: file exists and exports a default async component.

Call getSession() at the top and redirect('/login') when missing.

Validate: confirm there is no render path when session is falsy (no UI returned before redirect).

Add app/<route>/error.tsx for error boundaries.

Validate: tsc --noEmit recognizes the file and there are no missing imports.

Run tsc --noEmit and fix type errors.

Validate: tsc --noEmit exits with code 0.

Test: access the route without an auth cookie and confirm redirect to /login.

Validate: an unauthenticated HTTP request receives a 302/307 redirect to /login.

Project-specific conventions and deeper tables (routing, caching, component guidance) live in REFERENCE.md.

monkilabs/nextjs-framework

src/orchestrator/plugins/nextjs/SKILL.md

Explains how to configure App Router, implement server/client components, optimize data fetching, and secure routes. Use when the user mentions: 'add an authenticated route', 'migrate to App Router', 'optimize fetch caching', or 'fix RSC hydration'.

36 stars

tools

Updated Apr 17, 2026

$ install --global

skillsauth

npx skillsauth add monkilabs/opencastle nextjs-framework

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 17, 2026, 9:19 AM45.5s3 files scanned

SKILL.md

name:: nextjs-framework
description:: Explains how to configure App Router, implement server/client components, optimize data fetching, and secure routes. Use when the user mentions: 'add an authenticated route', 'migrate to App Router', 'optimize fetch caching', or 'fix RSC hydration'.

Next.js Framework

Critical Rule

Never use next/dynamic with { ssr: false } inside a Server Component. Extract the dynamic piece to a dedicated 'use client' component and import it from server components normally.

// ✅ Correct: wrap dynamic import in a 'use client' component
// components/MapClient.tsx
'use client';
import dynamic from 'next/dynamic';
const Map = dynamic(() => import('./Map'), { ssr: false });
export function MapClient(props: MapProps) { return <Map {...props} />; }

// Then import from a Server Component as normal:
// app/page.tsx
import { MapClient } from '@/components/MapClient';
export default function Page() { return <MapClient center={[0, 0]} />; }

Authenticated Routes

// app/dashboard/page.tsx
import { redirect } from 'next/navigation';
import { getSession } from '@/lib/auth';
export default async function Page() {
  const session = await getSession();
  if (!session) redirect('/login');
  // ... render dashboard
}

For middleware-based protection see REFERENCE.md § Middleware examples.

Server Actions

// app/actions.ts
'use server';
import { revalidatePath } from 'next/cache';
export async function updatePost(id: string, data: FormData) {
  await db.posts.update(id, Object.fromEntries(data));
  revalidatePath('/posts');
}

Data Fetching & Caching

// Server Component — cached by default; opt out with cache: 'no-store'
async function getPosts() {
  const res = await fetch('/api/posts', { next: { tags: ['posts'] } });
  return res.json() as Promise<Post[]>;
}
// On-demand revalidation: revalidateTag('posts') or revalidatePath('/posts')

Caching tiers (request memo → data cache → full route cache → router cache) and revalidation patterns are in REFERENCE.md § Caching Details.

Adding an Authenticated Route — Checklist

Create app/<route>/page.tsx as an async Server Component.

Validate: file exists and exports a default async component.

Call getSession() at the top and redirect('/login') when missing.

Validate: confirm there is no render path when session is falsy (no UI returned before redirect).

Add app/<route>/error.tsx for error boundaries.

Validate: tsc --noEmit recognizes the file and there are no missing imports.

Run tsc --noEmit and fix type errors.

Validate: tsc --noEmit exits with code 0.

Test: access the route without an auth cookie and confirm redirect to /login.

Validate: an unauthenticated HTTP request receives a 302/307 redirect to /login.

Project-specific conventions and deeper tables (routing, caching, component guidance) live in REFERENCE.md.

Related Skills

monkilabs/validation-gates

development

VerifiedTrustedCommunity

Defines 10 sequential validation gates: secret scanning, lint/test/build checks, blast radius analysis, dependency auditing, browser testing, cache management, regression checks, smoke tests. Use when running pre-deploy validation or CI checks, CI/CD pipelines, deployment pipeline validation, pre-merge checks, continuous integration, or pull request validation.

44SKILL.mdUpdated Apr 21, 2026

monkilabs/validation-gates

monkilabs/testing-workflow

development

VerifiedTrustedCommunity

Generates test plans, writes unit/integration/E2E test files, identifies coverage gaps, flags common testing anti-patterns. Use when writing tests, creating test suites, planning test strategies, mocking dependencies, measuring code coverage, or test planning.

44SKILL.mdUpdated Apr 21, 2026

monkilabs/testing-workflow

monkilabs/team-lead-reference

development

VerifiedTrustedCommunity

Provides model routing rules, validates delegation prerequisites, supplies cost tracking templates, defines dead-letter queue formats for Team Lead orchestration. Load when assigning tasks to agents, choosing model tiers, starting delegation session, running multi-agent workflow, delegating work, choosing which model to use, or assigning tasks.

44SKILL.mdUpdated Apr 21, 2026

monkilabs/team-lead-reference

monkilabs/session-checkpoints

testing

VerifiedTrustedCommunity

Saves, restores session state including task progress, file changes, delegation history. Use when saving progress, resuming interrupted work, picking up where you left off, or checkpointing current work.

44SKILL.mdUpdated Apr 21, 2026

monkilabs/session-checkpoints

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/monkilabs/opencastle.git

# Copy into Claude Code skills folder (global)
cp -r opencastle/src/orchestrator/plugins/nextjs ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

monkilabs/opencastle

36 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT