convex

Expert in Convex for schema design, TypeScript functions, real-time subscriptions, and deployment in modern web applications.

Install this skill

or

0/100

Security score

The convex skill was audited on Feb 28, 2026 and we found 26 security issues across 4 threat categories, including 2 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 311

Template literal with variable interpolation in command context

SourceSKILL.md

311	Authorization: `Bearer ${process.env.SENDGRID_API_KEY}`,

high line 340

Template literal with variable interpolation in command context

SourceSKILL.md

340	Authorization: `Bearer ${process.env.OPENAI_API_KEY}`,

medium line 308

Fetch to external URL

SourceSKILL.md

308	const response = await fetch("https://api.sendgrid.com/v3/mail/send", {

medium line 337

Fetch to external URL

SourceSKILL.md

337	const response = await fetch("https://api.openai.com/v1/embeddings", {

medium line 41

Webhook reference - potential data exfiltration

SourceSKILL.md

41	\| HTTP Action \| Webhooks/custom endpoints \| via `runQuery` \| via `runMutation` \| ✅ \| ❌ \|

low line 358

Webhook reference - potential data exfiltration

SourceSKILL.md

358	### HTTP Actions (Webhooks)

medium line 368

Webhook reference - potential data exfiltration

SourceSKILL.md

368	path: "/webhooks/stripe",

medium line 374

Webhook reference - potential data exfiltration

SourceSKILL.md

374	// Verify webhook signature here...

medium line 377

Webhook reference - potential data exfiltration

SourceSKILL.md

377	await ctx.runMutation(api.payments.handleWebhook, { event });

medium line 790

Webhook reference - potential data exfiltration

SourceSKILL.md

790	- `@stripe` — Payment integration via Convex actions and HTTP webhooks

medium line 66

Access to .env file

SourceSKILL.md

66	5. Creates `.env.local` with `CONVEX_DEPLOYMENT` and `NEXT_PUBLIC_CONVEX_URL`

low line 80

Access to .env file

SourceSKILL.md

80	├── .env.local ← CONVEX_DEPLOYMENT, NEXT_PUBLIC_CONVEX_URL

medium line 311

Access to .env file

SourceSKILL.md

311	Authorization: `Bearer ${process.env.SENDGRID_API_KEY}`,

medium line 340

Access to .env file

SourceSKILL.md

340	Authorization: `Bearer ${process.env.OPENAI_API_KEY}`,

medium line 396

Access to .env file

SourceSKILL.md

396	const convex = new ConvexReactClient(process.env.NEXT_PUBLIC_CONVEX_URL!);

medium line 494

Access to .env file

SourceSKILL.md

494	const convex = new ConvexReactClient(process.env.NEXT_PUBLIC_CONVEX_URL!);

medium line 526

Access to .env file

SourceSKILL.md

526	const convex = new ConvexReactClient(process.env.NEXT_PUBLIC_CONVEX_URL!);

medium line 530

Access to .env file

SourceSKILL.md

530	<ClerkProvider publishableKey={process.env.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY!}>

medium line 704

Access to .env file

SourceSKILL.md

704	const apiKey = process.env.OPENAI_API_KEY;

medium line 763

Access to .env file

SourceSKILL.md

763	- Problem: "`process.env` is undefined in query/mutation"

low line 308

External URL reference

SourceSKILL.md

308	const response = await fetch("https://api.sendgrid.com/v3/mail/send", {

low line 337

External URL reference

SourceSKILL.md

337	const response = await fetch("https://api.openai.com/v1/embeddings", {

low line 546

External URL reference

SourceSKILL.md

546	npx convex env set SITE_URL http://localhost:3000

low line 795

External URL reference

SourceSKILL.md

795	- [Convex Stack (Blog)](https://stack.convex.dev)

low line 797

External URL reference

SourceSKILL.md

797	- [Discord Community](https://convex.dev/community)

low line 798

External URL reference

SourceSKILL.md

798	- [Convex Chef (AI Starter)](https://chef.convex.dev)

Scanned on Feb 28, 2026

View Security Dashboard

Installation guide →

GitHub Stars 21.5K

Rate this skill

Categorydevelopment

UpdatedApril 4, 2026

openclaw backend backend-developer fullstack-developer product-manager growth-pm data-engineer development product

sickn33/antigravity-awesome-skills