convex-http
Facilitates HTTP actions for webhooks and API endpoints in Convex, enabling seamless integration with services like Stripe and GitHub.
Install this skill
or
79/100
Security score
The convex-http skill was audited on Feb 19, 2026 and we found 9 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 3
Webhook reference - potential data exfiltration
SourceSKILL.md
| 3 | description: HTTP actions for webhooks and API endpoints in Convex. Use when building webhook handlers (Stripe, Clerk, GitHub), creating REST API endpoints, handling file uploads/downloads, or impleme |
medium line 31
Webhook reference - potential data exfiltration
SourceSKILL.md
| 31 | ## Webhook Handling |
low line 42
Webhook reference - potential data exfiltration
SourceSKILL.md
| 42 | path: "/webhooks/stripe", |
low line 56
Webhook reference - potential data exfiltration
SourceSKILL.md
| 56 | return new Response("Webhook error", { status: 400 }); |
medium line 64
Webhook reference - potential data exfiltration
SourceSKILL.md
| 64 | ## Webhook Signature Verification |
low line 81
Webhook reference - potential data exfiltration
SourceSKILL.md
| 81 | const event = stripe.webhooks.constructEvent( |
low line 84
Webhook reference - potential data exfiltration
SourceSKILL.md
| 84 | process.env.STRIPE_WEBHOOK_SECRET! |
low line 75
Access to .env file
SourceSKILL.md
| 75 | const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!); |
low line 84
Access to .env file
SourceSKILL.md
| 84 | process.env.STRIPE_WEBHOOK_SECRET! |
Scanned on Feb 19, 2026
View Security DashboardInstall this skill with one command
/learn @aaronvanston/convex-http