From vanguard-frontier-agentic
Statically reviews Next.js server surfaces for four security defect classes: middleware auth gaps, missing CSRF in Server Actions, NEXT_PUBLIC_ secret leaks, and SSRF/open-redirect via config or rewrites.
How this skill is triggered — by the user, by Claude, or both
Slash command
/vanguard-frontier-agentic:nextjs-server-security-reviewThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Review Next.js middleware (`middleware.ts`/`.js`), Server Actions, `next.config.js`, and environment-variable files for the concrete server-side defect classes Next.js's own documentation calls out directly: middleware `matcher` exclusions that silently skip authorization for Server Functions, Server Actions missing `allowedOrigins` CSRF protection, secrets accidentally exposed to the client vi...
Review Next.js middleware (middleware.ts/.js), Server Actions, next.config.js, and environment-variable files for the concrete server-side defect classes Next.js's own documentation calls out directly: middleware matcher exclusions that silently skip authorization for Server Functions, Server Actions missing allowedOrigins CSRF protection, secrets accidentally exposed to the client via a NEXT_PUBLIC_ prefix, and server-side request forgery / open-redirect risk via dangerouslyAllowLocalIP or an unvalidated rewrite destination. This skill exists so the review stays anchored to these documented defect classes instead of drifting into a general "Next.js code review" of component architecture, data fetching patterns, or styling.
Use this skill when the user asks to:
middleware.ts/middleware.js and its matcher configuration for authorization gaps,next.config.js's serverActions.allowedOrigins is configured correctly for a reverse-proxy or multi-zone deployment,.env/.env.production files or any process.env.NEXT_PUBLIC_* usage for accidental secret exposure to the client bundle,next.config.js image configuration (images.dangerouslyAllowLocalIP) or rewrites()/NextResponse.rewrite() usage for SSRF or open-redirect risk,Do not use this skill for:
resolve-library-id (matched result: /vercel/next.js) before citing any middleware, Server Actions, environment-variable, or next.config.js behavior claim./vercel/next.js is a high-reputation source covering authentication, middleware, Server Actions, environment variables, and next.config.js security patterns directly from the framework's own docs and source. Use query-docs against it to confirm exact option names (serverActions.allowedOrigins, images.dangerouslyAllowLocalIP) and documented behavior (NEXT_PUBLIC_ inlining, matcher exclusion semantics) before writing a finding.package.json first to confirm the Next.js major version and whether the app uses the App Router or Pages Router — experimental.serverActions configuration, middleware matcher conventions, and NextResponse.rewrite() APIs have shifted across major versions; do not apply App Router API names to a Pages Router codebase or vice versa.official_docs URLs in this skill's metadata.json and label the claim documentation-based, unverified against current release.matcher pattern, the specific serverActions config, or the specific variable declaration is not a valid finding — it is a guess.matcher as sufficient authorization coverage in isolation. A matcher whose negative-lookahead pattern excludes a path (e.g. /((?!api|_next).*)) means middleware — and any auth check it performs — never runs for that excluded path; a Proxy matcher that excludes a path also skips Server Function calls on that path. Confirm the excluded path's own handlers (Server Actions, Route Handlers) independently verify the session themselves.next.config.js with a serverActions block configured for a reverse-proxy, multi-zone, or otherwise cross-origin deployment unless allowedOrigins is explicitly present in that same block. Next.js's default CSRF protection compares the Server Action request's Origin header to the Host header and rejects mismatches — a deployment where those two headers legitimately differ (reverse proxy, multi-zone) needs the allowlist or every legitimate request fails, or worse, the mismatch is worked around insecurely elsewhere.KEY, SECRET, TOKEN, PASSWORD, CREDENTIAL, or equivalent) and is prefixed NEXT_PUBLIC_. Any NEXT_PUBLIC_ variable is inlined into the JavaScript bundle at build time and shipped to every client, full stop — there is no runtime gate that can retroactively hide it once bundled. The safe fix is to drop the prefix and read the value only from server-side code via process.env.API_KEY (or the equivalent unprefixed name), never from a Client Component.images.dangerouslyAllowLocalIP: true in next.config.js as a structural SSRF risk unless the codebase demonstrably validates every dynamic src value against a hardcoded external-hostname allowlist before it reaches the <Image> component.NextResponse.rewrite() call (or rewrites() destination) whose target URL is built directly from user-controlled input (query parameters, headers, request body) with no hostname allowlist check on the resolved value before the rewrite call — this is SSRF/open-redirect via the rewrite backend, not a cosmetic routing bug.Load these only when needed:
middleware.ts/.js, its matcher, or Server Action CSRF configuration..env* files, NEXT_PUBLIC_* usage, images.dangerouslyAllowLocalIP, or a rewrite/redirect destination built from dynamic input. Includes the OWASP SSRF/open-redirect grounding reference; load that citation only when such a finding is actually present.Return, at minimum:
next.config.js, and/or environment file(s) in scope,middleware-auth-gap, csrf-origin, secret-leak, or ssrf-redirect), the concrete data-flow trace (the matcher pattern and the excluded path's own auth handling, the serverActions config and its deployment topology, the environment variable declaration and its usage site, or the origin-to-sink path for the SSRF/redirect finding), and a fix sketch matching Next.js's documented pattern,repo evidence, documentation-based, or inference), with structural risk findings explicitly labeled as structural risk, not as confirmed-exploited,npx claudepluginhub raishin/vanguard-frontier-agentic --plugin vanguard-frontier-agenticAnalyzes Next.js and React security vulnerabilities like Server Actions SSRF, Route Handlers mass assignment, Server Components data exposure, and client XSS for whitebox pentesting.
Hunts Next.js-specific vulnerabilities: Server Actions abuse, Middleware bypass, ISR cache poisoning, Image Optimization SSRF, RSC payload leakage. Use when targeting Next.js 13/14/15 or React SSR frameworks.
Scans Next.js/TypeScript/JavaScript projects for OWASP Top 10 vulnerabilities, XSS, injection flaws, hardcoded secrets, and dependency CVEs. Supports quick, full, and targeted scans.