
convex

Expert in Convex for schema design, TypeScript functions, real-time subscriptions, and deployment in modern web applications.

Security score: 0/100

The convex skill was audited on May 12, 2026 and we found 26 security issues across 4 threat categories, including 2 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 310

Template literal with variable interpolation in command context

Source: SKILL.md
Authorization: `Bearer ${process.env.SENDGRID_API_KEY}`,
high line 339

Template literal with variable interpolation in command context

Source: SKILL.md
Authorization: `Bearer ${process.env.OPENAI_API_KEY}`,
medium line 307

Fetch to external URL

Source: SKILL.md
const response = await fetch("https://api.sendgrid.com/v3/mail/send", {
medium line 336

Fetch to external URL

Source: SKILL.md
const response = await fetch("https://api.openai.com/v1/embeddings", {
medium line 40

Webhook reference - potential data exfiltration

Source: SKILL.md
| **HTTP Action** | Webhooks/custom endpoints | via `runQuery` | via `runMutation` | ✅ | ❌ |
low line 357

Webhook reference - potential data exfiltration

Source: SKILL.md
### HTTP Actions (Webhooks)
medium line 367

Webhook reference - potential data exfiltration

Source: SKILL.md
path: "/webhooks/stripe",
medium line 373

Webhook reference - potential data exfiltration

Source: SKILL.md
// Verify webhook signature here...
medium line 376

Webhook reference - potential data exfiltration

Source: SKILL.md
await ctx.runMutation(api.payments.handleWebhook, { event });
medium line 789

Webhook reference - potential data exfiltration

Source: SKILL.md
- `@stripe` — Payment integration via Convex actions and HTTP webhooks
medium line 65

Access to .env file

Source: SKILL.md
5. Creates `.env.local` with `CONVEX_DEPLOYMENT` and `NEXT_PUBLIC_CONVEX_URL`
low line 79

Access to .env file

Source: SKILL.md
├── .env.local ← CONVEX_DEPLOYMENT, NEXT_PUBLIC_CONVEX_URL
medium line 310

Access to .env file

Source: SKILL.md
Authorization: `Bearer ${process.env.SENDGRID_API_KEY}`,
medium line 339

Access to .env file

Source: SKILL.md
Authorization: `Bearer ${process.env.OPENAI_API_KEY}`,
medium line 395

Access to .env file

Source: SKILL.md
const convex = new ConvexReactClient(process.env.NEXT_PUBLIC_CONVEX_URL!);
medium line 493

Access to .env file

Source: SKILL.md
const convex = new ConvexReactClient(process.env.NEXT_PUBLIC_CONVEX_URL!);
medium line 525

Access to .env file

Source: SKILL.md
const convex = new ConvexReactClient(process.env.NEXT_PUBLIC_CONVEX_URL!);
medium line 529

Access to .env file

Source: SKILL.md
<ClerkProvider publishableKey={process.env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY!}>
medium line 703

Access to .env file

Source: SKILL.md
const apiKey = process.env.OPENAI_API_KEY;
medium line 762

Access to .env file

Source: SKILL.md
- **Problem:** "`process.env` is undefined in query/mutation"
low line 307

External URL reference

Source: SKILL.md
const response = await fetch("https://api.sendgrid.com/v3/mail/send", {
low line 336

External URL reference

Source: SKILL.md
const response = await fetch("https://api.openai.com/v1/embeddings", {
low line 545

External URL reference

Source: SKILL.md
npx convex env set SITE_URL http://localhost:3000
low line 794

External URL reference

Source: SKILL.md
- [Convex Stack (Blog)](https://stack.convex.dev)
low line 796

External URL reference

Source: SKILL.md
- [Discord Community](https://convex.dev/community)
low line 797

External URL reference

Source: SKILL.md
- [Convex Chef (AI Starter)](https://chef.convex.dev)
Scanned on May 12, 2026