convex-actions
Provides best practices for implementing Convex actions, transactions, and scheduling in applications using Node.js.
Install this skill
or
79/100
Security score
The convex-actions skill was audited on Feb 19, 2026 and we found 9 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 38
Template literal with variable interpolation in command context
SourceSKILL.md
| 38 | "Authorization": `Bearer ${apiKey}`, |
medium line 138
Template literal with variable interpolation in command context
SourceSKILL.md
| 138 | await ctx.db.insert("failures", { orderId, error: `${e}` }); |
medium line 179
Template literal with variable interpolation in command context
SourceSKILL.md
| 179 | headers: { Authorization: `Bearer ${process.env.STRIPE_KEY}` }, |
low line 35
Fetch to external URL
SourceSKILL.md
| 35 | const response = await fetch("https://api.resend.com/emails", { |
low line 177
Fetch to external URL
SourceSKILL.md
| 177 | const result = await fetch("https://api.stripe.com/v1/charges", { |
low line 32
Access to .env file
SourceSKILL.md
| 32 | const apiKey = process.env.RESEND_API_KEY; |
low line 179
Access to .env file
SourceSKILL.md
| 179 | headers: { Authorization: `Bearer ${process.env.STRIPE_KEY}` }, |
low line 35
External URL reference
SourceSKILL.md
| 35 | const response = await fetch("https://api.resend.com/emails", { |
low line 177
External URL reference
SourceSKILL.md
| 177 | const result = await fetch("https://api.stripe.com/v1/charges", { |
Scanned on Feb 19, 2026
View Security DashboardInstall this skill with one command
/learn @aaronvanston/convex-actions