nextjs-middleware

Enables advanced request handling in Next.js with middleware for authentication, role-based access, and security configurations.

Install this skill

75/100

Security score

The nextjs-middleware skill was audited on May 21, 2026 and we found 9 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 228

Template literal with variable interpolation in command context

SourceSKILL.md

228	return NextResponse.redirect(new URL(`/search/${query}`, request.url));

medium line 265

Template literal with variable interpolation in command context

SourceSKILL.md

265	new URL(`/landing-${bucket}`, request.url)

medium line 311

Template literal with variable interpolation in command context

SourceSKILL.md

311	(locale) => pathname.startsWith(`/${locale}/`) \|\| pathname === `/${locale}`

medium line 319

Template literal with variable interpolation in command context

SourceSKILL.md

319	new URL(`/${locale}${pathname}`, request.url)

low line 115

Access to .env file

SourceSKILL.md

115	secret: process.env.NEXTAUTH_SECRET,

low line 418

Access to .env file

SourceSKILL.md

418	secure: process.env.NODE_ENV === 'production',

low line 193

External URL reference

SourceSKILL.md

193	'/legacy': 'https://legacy.example.com',

low line 257

External URL reference

SourceSKILL.md

257	new URL(pathname.replace('/api/external', ''), 'https://api.example.com')

low line 366

External URL reference

SourceSKILL.md

366	const allowedOrigins = ['https://example.com', 'https://app.example.com'];

Scanned on May 21, 2026

View Security Dashboard

Installation guide →

GitHub Stars 39

Rate this skill

Categorydevelopment

UpdatedJune 15, 2026

frontend react api database testing devops backend frontend-developer fullstack-developer product-manager development product

JosiahSiegel/claude-plugin-marketplace