Compétences react-server-components-framework Historique des audits
📦

Historique des audits

react-server-components-framework - 6 audits

Version de l’audit 6

Dernier Risque moyen

Jun 28, 2026, 10:26 AM

Static analysis reported many command, network, environment, and browser-storage patterns, but review found these are primarily markdown and TypeScript examples for Next.js development rather than hidden executable behavior. No prompt-injection text or confirmed malicious intent was found. The skill should publish with a warning because some copyable examples need stronger security caveats, especially stored HTML rendering and authorization checks for destructive actions.

11
Fichiers analysés
2,709
Lignes analysées
9
résultats
codex
Audité par
Problèmes à risque moyen (2)
examples/blog-app-example.tsx:276-279
Copyable Stored HTML Rendering Example
The blog example renders post content with dangerouslySetInnerHTML. In a real application, stored HTML must be sanitized before rendering or it can create stored cross-site scripting risk.
templates/server-action-template.ts:110-117templates/server-action-template.ts:151-161
Destructive Server Actions Lack Authorization in Template
The delete and bulk update Server Action examples mutate records by id without the same session and ownership checks shown in the update example. Copied as-is, this can teach insecure authorization patterns.
Problèmes à risque faible (3)
SKILL.md:45-58checklists/rsc-implementation-checklist.md:8-18
Static Command Findings Are Markdown and Framework Syntax
The reported Ruby or shell backtick execution findings are mostly inline markdown code spans, JSX template literals, and framework snippets. They are not invoked by install scripts or runtime automation in this skill.
references/component-patterns.md:57-63
Environment and Network Examples Use Placeholder Endpoints
The environment-variable and fetch findings occur in server-component examples that show how to call an API with a server-side secret. This is a legitimate framework pattern, but users should avoid logging or returning secrets.
templates/client-component-template.tsx:27-33
Browser Storage Example Parses Local Data
The Client Component template reads localStorage and parses JSON. This is normal client-side behavior, but copied code should handle parse failures and avoid storing sensitive data in browser storage.

Facteurs de risque

⚙️ Commandes externes (246)
checklists/rsc-implementation-checklist.md:8 checklists/rsc-implementation-checklist.md:9 checklists/rsc-implementation-checklist.md:16 checklists/rsc-implementation-checklist.md:18 checklists/rsc-implementation-checklist.md:25 checklists/rsc-implementation-checklist.md:32 checklists/rsc-implementation-checklist.md:33 checklists/rsc-implementation-checklist.md:34 checklists/rsc-implementation-checklist.md:35 checklists/rsc-implementation-checklist.md:36 checklists/rsc-implementation-checklist.md:45 checklists/rsc-implementation-checklist.md:50 checklists/rsc-implementation-checklist.md:51 checklists/rsc-implementation-checklist.md:51 checklists/rsc-implementation-checklist.md:52 checklists/rsc-implementation-checklist.md:58 checklists/rsc-implementation-checklist.md:66 checklists/rsc-implementation-checklist.md:67 checklists/rsc-implementation-checklist.md:68 checklists/rsc-implementation-checklist.md:69 checklists/rsc-implementation-checklist.md:81 checklists/rsc-implementation-checklist.md:82 checklists/rsc-implementation-checklist.md:83 checklists/rsc-implementation-checklist.md:89 checklists/rsc-implementation-checklist.md:90 checklists/rsc-implementation-checklist.md:91 checklists/rsc-implementation-checklist.md:92 checklists/rsc-implementation-checklist.md:93 checklists/rsc-implementation-checklist.md:94 checklists/rsc-implementation-checklist.md:97 checklists/rsc-implementation-checklist.md:98 checklists/rsc-implementation-checklist.md:99 checklists/rsc-implementation-checklist.md:100 checklists/rsc-implementation-checklist.md:101 checklists/rsc-implementation-checklist.md:104 checklists/rsc-implementation-checklist.md:105 checklists/rsc-implementation-checklist.md:106 checklists/rsc-implementation-checklist.md:107 checklists/rsc-implementation-checklist.md:107 checklists/rsc-implementation-checklist.md:108 checklists/rsc-implementation-checklist.md:108 checklists/rsc-implementation-checklist.md:113 checklists/rsc-implementation-checklist.md:123 checklists/rsc-implementation-checklist.md:129 checklists/rsc-implementation-checklist.md:136 checklists/rsc-implementation-checklist.md:138 checklists/rsc-implementation-checklist.md:145 checklists/rsc-implementation-checklist.md:146 checklists/rsc-implementation-checklist.md:152 checklists/rsc-implementation-checklist.md:153 checklists/rsc-implementation-checklist.md:161 checklists/rsc-implementation-checklist.md:169 checklists/rsc-implementation-checklist.md:175 checklists/rsc-implementation-checklist.md:176 checklists/rsc-implementation-checklist.md:177 checklists/rsc-implementation-checklist.md:178 checklists/rsc-implementation-checklist.md:182 checklists/rsc-implementation-checklist.md:188 checklists/rsc-implementation-checklist.md:192 checklists/rsc-implementation-checklist.md:220 checklists/rsc-implementation-checklist.md:227 checklists/rsc-implementation-checklist.md:242 checklists/rsc-implementation-checklist.md:243 checklists/rsc-implementation-checklist.md:247 checklists/rsc-implementation-checklist.md:248 checklists/rsc-implementation-checklist.md:255 checklists/rsc-implementation-checklist.md:256 checklists/rsc-implementation-checklist.md:257 checklists/rsc-implementation-checklist.md:258 checklists/rsc-implementation-checklist.md:258 checklists/rsc-implementation-checklist.md:259 checklists/rsc-implementation-checklist.md:259 checklists/rsc-implementation-checklist.md:261 checklists/rsc-implementation-checklist.md:261 checklists/rsc-implementation-checklist.md:262 checklists/rsc-implementation-checklist.md:262 checklists/rsc-implementation-checklist.md:264 examples/blog-app-example.tsx:93 examples/blog-app-example.tsx:118 examples/blog-app-example.tsx:226 examples/blog-app-example.tsx:424 references/component-patterns.md:8 references/component-patterns.md:8 references/component-patterns.md:10 references/component-patterns.md:10 references/component-patterns.md:10 references/component-patterns.md:14 references/component-patterns.md:17 references/component-patterns.md:19 references/component-patterns.md:24 references/component-patterns.md:32-51 references/component-patterns.md:51-55 references/component-patterns.md:55-61 references/component-patterns.md:61-62 references/component-patterns.md:62-67 references/component-patterns.md:67-75 references/component-patterns.md:75-104 references/component-patterns.md:104-108 references/component-patterns.md:108-127 references/component-patterns.md:127-137 references/component-patterns.md:137-172 references/component-patterns.md:172-176 references/component-patterns.md:176-178 references/component-patterns.md:178-204 references/component-patterns.md:204-210 references/component-patterns.md:210-225 references/component-patterns.md:225-235 references/component-patterns.md:235-249 references/component-patterns.md:249-255 references/component-patterns.md:255-280 references/component-patterns.md:280-288 references/component-patterns.md:288-309 references/component-patterns.md:309-313 references/component-patterns.md:313-334 references/component-patterns.md:334-338 references/component-patterns.md:338-361 references/component-patterns.md:361-371 references/component-patterns.md:371-392 references/component-patterns.md:392-398 references/component-patterns.md:398-417 references/component-patterns.md:417-422 references/data-fetching.md:9-29 references/data-fetching.md:29-33 references/data-fetching.md:33-48 references/data-fetching.md:48-56 references/data-fetching.md:56-73 references/data-fetching.md:73-81 references/data-fetching.md:81-95 references/data-fetching.md:95-103 references/data-fetching.md:103-122 references/data-fetching.md:122-130 references/data-fetching.md:130-147 references/data-fetching.md:147-155 references/data-fetching.md:155-170 references/migration-guide.md:7 references/migration-guide.md:8 references/migration-guide.md:18-28 references/migration-guide.md:28-32 references/migration-guide.md:32-38 references/migration-guide.md:38-46 references/migration-guide.md:46-65 references/migration-guide.md:65-69 references/migration-guide.md:69-75 references/migration-guide.md:75-83 references/migration-guide.md:83-97 references/migration-guide.md:97-101 references/migration-guide.md:101-113 references/migration-guide.md:113-121 references/migration-guide.md:121-130 references/migration-guide.md:130-134 references/migration-guide.md:134-145 references/migration-guide.md:145-153 references/migration-guide.md:153-167 references/migration-guide.md:167-171 references/migration-guide.md:171-187 references/routing-patterns.md:8-16 references/routing-patterns.md:16-20 references/routing-patterns.md:20-41 references/routing-patterns.md:41-50 references/routing-patterns.md:50-59 references/routing-patterns.md:59-63 references/routing-patterns.md:63-91 references/routing-patterns.md:91-101 references/routing-patterns.md:101-108 references/routing-patterns.md:108-112 references/routing-patterns.md:112-136 references/routing-patterns.md:136-145 references/routing-patterns.md:145-155 references/routing-patterns.md:155-158 references/routing-patterns.md:158-159 references/routing-patterns.md:159-165 references/routing-patterns.md:165-180 references/server-actions.md:5-22 references/server-actions.md:22-24 references/server-actions.md:24-32 references/server-actions.md:32-45 references/server-actions.md:45-53 references/server-actions.md:53-81 references/server-actions.md:81-89 references/server-actions.md:89-122 references/server-actions.md:122-130 references/server-actions.md:130-146 references/server-actions.md:146-152 references/server-actions.md:152-181 references/server-actions.md:181-187 references/server-actions.md:187-206 SKILL.md:45 SKILL.md:45 SKILL.md:50 SKILL.md:51 SKILL.md:51 SKILL.md:53 SKILL.md:56 SKILL.md:58 SKILL.md:68-80 SKILL.md:80-83 SKILL.md:83-87 SKILL.md:87-89 SKILL.md:89 SKILL.md:89-98 SKILL.md:98-107 SKILL.md:107-109 SKILL.md:109-113 SKILL.md:113-124 SKILL.md:124-140 SKILL.md:140-147 SKILL.md:147-152 SKILL.md:152-157 SKILL.md:157-160 SKILL.md:160-164 SKILL.md:164-167 SKILL.md:167-171 SKILL.md:171-173 SKILL.md:173-186 SKILL.md:186-201 SKILL.md:201-212 SKILL.md:212-220 SKILL.md:220-244 SKILL.md:244-245 SKILL.md:245-246 SKILL.md:246-254 SKILL.md:254-267 SKILL.md:267-283 SKILL.md:283-300 SKILL.md:300-304 SKILL.md:304-317 SKILL.md:317-321 SKILL.md:321-334 SKILL.md:334-340 SKILL.md:340 SKILL.md:340-343 SKILL.md:343-344 SKILL.md:344-346 SKILL.md:346 SKILL.md:346-347 SKILL.md:347 SKILL.md:347-349 SKILL.md:349-360 SKILL.md:360-363 SKILL.md:363-366 SKILL.md:366-369 SKILL.md:369 SKILL.md:369 templates/server-action-template.ts:58 templates/server-action-template.ts:95 templates/server-action-template.ts:221
⚡ Contient des scripts (1)
references/component-patterns.md:375
🌐 Accès réseau (24)
references/component-patterns.md:61 references/component-patterns.md:61 references/data-fetching.md:11 references/data-fetching.md:16 references/data-fetching.md:21 references/data-fetching.md:26 references/data-fetching.md:160 references/data-fetching.md:11 references/data-fetching.md:16 references/data-fetching.md:21 references/data-fetching.md:26 references/data-fetching.md:160 references/migration-guide.md:54 references/migration-guide.md:72 references/migration-guide.md:93 SKILL.md:70 SKILL.md:73 SKILL.md:76 SKILL.md:79 SKILL.md:375 SKILL.md:376 SKILL.md:377 SKILL.md:378 templates/client-component-template.tsx:41
🔑 Variables d’environnement (6)
references/component-patterns.md:59 references/component-patterns.md:59 references/component-patterns.md:59 templates/server-component-template.tsx:30 templates/server-component-template.tsx:30 templates/server-component-template.tsx:30

Motifs détectés

Static Dangerous Combination Dismissed After Context Review

Version de l’audit 5

Sûr

Jan 16, 2026, 05:06 PM

Pure documentation skill containing markdown guides and code templates for React Server Components. Static scanner findings are false positives - backticks in markdown code blocks were misinterpreted as shell execution, validation patterns as crypto algorithms, and documentation examples as network calls. No executable scripts, network calls, or concerning patterns detected.

12
Fichiers analysés
2,967
Lignes analysées
3
résultats
claude
Audité par
Aucun problème de sécurité trouvé

Facteurs de risque

⚙️ Commandes externes (1)
SKILL.md:186-201
🌐 Accès réseau (1)
SKILL.md:68-80
🔑 Variables d’environnement (1)
templates/server-component-template.tsx:30

Version de l’audit 4

Sûr

Jan 16, 2026, 05:06 PM

Pure documentation skill containing markdown guides and code templates for React Server Components. Static scanner findings are false positives - backticks in markdown code blocks were misinterpreted as shell execution, validation patterns as crypto algorithms, and documentation examples as network calls. No executable scripts, network calls, or concerning patterns detected.

12
Fichiers analysés
2,967
Lignes analysées
3
résultats
claude
Audité par
Aucun problème de sécurité trouvé

Facteurs de risque

⚙️ Commandes externes (1)
SKILL.md:186-201
🌐 Accès réseau (1)
SKILL.md:68-80
🔑 Variables d’environnement (1)
templates/server-component-template.tsx:30

Version de l’audit 3

Sûr

Jan 10, 2026, 10:50 AM

Pure documentation skill containing markdown guides and code templates for React Server Components. No executable scripts, network calls, or concerning patterns detected.

11
Fichiers analysés
2,309
Lignes analysées
0
résultats
claude
Audité par
Aucun problème de sécurité trouvé

Version de l’audit 2

Sûr

Jan 10, 2026, 10:50 AM

Pure documentation skill containing markdown guides and code templates for React Server Components. No executable scripts, network calls, or concerning patterns detected.

11
Fichiers analysés
2,309
Lignes analysées
0
résultats
claude
Audité par
Aucun problème de sécurité trouvé

Version de l’audit 1

Sûr

Jan 10, 2026, 10:50 AM

Pure documentation skill containing markdown guides and code templates for React Server Components. No executable scripts, network calls, or concerning patterns detected.

11
Fichiers analysés
2,309
Lignes analysées
0
résultats
claude
Audité par
Aucun problème de sécurité trouvé
← Retour au skill