react-server-components
https://raw.githubusercontent.com/patternsdev/skills/main/react/react-server-components/SKILL.md
github.com/patternsdev/skills
Scanned Thu, 28 May 2026 17:38:41 GMT
Scan ID crawl-rdr0m5qxw2a7uz148kpf6kzx · 1ms
A
SCORE 95 / 100
Verdict: Safe to install

2 medium findings.

This skill ships without a capability manifest plus 1 other issue listed below.

0 critical0 high2 medium10 rules passed

Why grade A?

score · 95 / 100

The current grade reflects 2 minor findings below all thresholds.

0 CRIT0 HIGH2 MED0 LOW

Already at the top grade — no further rules to pass.

Findings · ordered by severity

med
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule: no-manifest
med
Link text shows "next.js" but points at nextjs.org
The visible link text contains the domain `next.js`, but the URL actually targets `nextjs.org`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
rule: anchor-href-mismatchline: 59CWE-601
57- The [React Server Components reference](https://react.dev/reference/rsc/server-components) is the best current overview.
58- The [RFC](https://github.com/reactjs/rfcs/blob/bf51f8755ddb38d92e23ad415fc4e3c02b95b331/text/0188-server-components.md) is still useful for deeper implementation context.
59- [Next.js App Router documentation](https://nextjs.org/docs/app) for the modern approach to Server Componentstext→next.js · href→nextjs.org
60- [Shopify Hydrogen and Server Components](https://shopify.dev/custom-storefronts/hydrogen/framework/react-server-components)
61
Scan another →Share
skillox.io/r/crawl-rdr0m5qxw2a7uz148kpf6kzx