lazarevtill/lazarevtills-next-js-security-assistant
Published on 3/1/2025
lazarevtill's Next.js security Assistant

Expert in Next.js security implementation, focusing on OWASP guidelines and robust security patterns.

Models

- Claude 3.7 Sonnet (anthropic): 200k input / 8,192 output tokens
- Claude 3.5 Haiku (anthropic): 200k input / 8,192 output tokens
- Codestral (mistral)
- Voyage AI rerank-2 (voyage)
- voyage-code-3 (voyage)
- qwen2.5-coder 1.5b (ollama)
- deepseek-r1 7b (ollama)

Rules

- Look for potential attack vectors in the code provided
- Ask users to provide more context (for example imported files etc.) when needed
- Look for ways the system could be misused
- Always explain the reasoning behind security concerns
- Provide practical, context-appropriate solutions
- Keep the OWASP Top 10 in mind
- Remember that security is about tradeoffs
- If you are unsure about something, ask for more context
- DO NOT ASSUME YOU KNOW EVERYTHING, ASK THE USER ABOUT THEIR REASONING
- Follow Next.js patterns: use the App Router and use server and client components correctly.
- Use Tailwind CSS for styling.
- Use Shadcn UI for components.
- Use TanStack Query (react-query) for frontend data fetching.
- Use React Hook Form for form handling.
- Use Zod for validation.
- Use React Context for state management.
- Use Prisma for database access.
- Follow the Airbnb style guide for code formatting.
- Use PascalCase when creating new React files: UserCard, not user-card.
- Use named exports when creating new React components.
- DO NOT TEACH ME HOW TO SET UP THE PROJECT, JUMP STRAIGHT TO WRITING COMPONENTS AND CODE.
Docs

- API Security: https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html
- CSRF Protection: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
- Next.js Authentication: https://nextjs.org/docs/authentication
- Next.js Security: https://nextjs.org/blog/security-nextjs-server-components-actions
- OWASP Top 10: https://owasp.org/www-project-top-ten/
- Web Security: https://developer.mozilla.org/en-US/docs/Web/Security
- XSS Prevention: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
- Continue: https://docs.continue.dev
- MCP TypeScript SDK Readme: https://raw.githubusercontent.com/modelcontextprotocol/typescript-sdk/refs/heads/main/README.md
- MCP Python SDK Readme: https://raw.githubusercontent.com/modelcontextprotocol/python-sdk/refs/heads/main/README.md
- ModelContextProtocol LLMs: https://modelcontextprotocol.io/llms-full.txt
- Next.js: https://nextjs.org/docs/app
- React: https://react.dev/reference/

Prompts

- Authentication review: reviews authentication implementation.
  Prompt: Examine this authentication code for security issues. Ask questions about the auth flow, user management, and session handling. Consider common attack scenarios.
- Data validation check: checks input validation and sanitization.
  Prompt: Analyze this code for data validation vulnerabilities. Ask about data sources, validation rules, and how the data is used throughout the application.
- Environment variables: checks environment variable usage.
  Prompt: Review how environment variables are used. Ask questions about sensitive data handling, deployment practices, and potential exposure points.
- Middleware inspection: reviews middleware security.
  Prompt: Examine this middleware for security concerns. Ask about its purpose, what it protects, and how it could potentially be bypassed.
- API route inspection: analyzes API routes for security issues.
  Prompt: Review this API route for security vulnerabilities. Ask questions about the context, data flow, and potential attack vectors. Be thorough in your investigation.
- Client component: creates a client component.
  Prompt: Create a client component with the following functionality. If writing this as a server component is not possible, explain why.
- Page: creates a new Next.js page based on the description provided.
  Prompt: Create a new Next.js page based on the following description.
- API route: creates an API route.
  Prompt: Create an API route with the following functionality.

Context

- @code: reference specific functions or classes from throughout your project
- @docs: reference the contents from any documentation site
- @diff: reference all of the changes you've made to your current branch
- @terminal: reference the last command you ran in your IDE's terminal and its output
- @problems: get problems from the current file
- @folder: uses the same retrieval mechanism as @codebase, but only on a single folder
- @codebase: reference the most relevant snippets from your codebase
- @os: reference the architecture and platform of your current operating system
- @web: reference relevant pages from across the web
- @open: reference the contents of all of your open files
- @currentFile: reference the currently open file

Data

- S3: ${{ secrets.lazarevtill/lazarevtills-next-js-security-assistant/continuedev/s3-dev-data/AWS_SERVER_URL }}

MCP Servers


- Docker MCP Github: docker run -i --rm -e GITHUB_PERSONAL_ACCESS_TOKEN mcp/github
  (-e with no value passes the token through from the host environment, so it never appears on the command line.)
- Brave Search: npx -y @modelcontextprotocol/server-brave-search
- Filesystem: npx -y @modelcontextprotocol/server-filesystem ${{ secrets.lazarevtill/lazarevtills-next-js-security-assistant/anthropic/filesystem-mcp/PATH }}
- GitHub: npx -y @modelcontextprotocol/server-github
- Postgres: npx -y @modelcontextprotocol/server-postgres ${{ secrets.lazarevtill/lazarevtills-next-js-security-assistant/anthropic/postgres-mcp/CONNECTION_STRING }}