Convex

PassAudited by ClawScan on May 1, 2026.

Overview

This instruction-only Convex helper is coherent and scoped, with the main thing to notice being its local project memory under ~/convex/.

This skill appears safe to install for Convex backend work. Before using it, be aware that it may keep local notes in ~/convex/ about your schema, auth model, and rollout history; do not put secrets or sensitive customer data in those files.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI06: Memory and Context Poisoning

What this means

Future Convex assistance may rely on saved local context, and the memory file could reveal project structure, auth boundaries, or incident history if exposed.

Why it was flagged

This shows the skill intentionally stores durable local memory that can influence future Convex work and may include sensitive architecture or authorization details.

Skill content

Persist only reusable context in `~/convex/memory.md`:
- Integration preference
- Data model decisions and index intent
- Auth constraints and permission edge cases
- Rollout lessons and recurring failure modes

Recommendation

Review ~/convex/memory.md periodically, keep it concise, and avoid storing raw secrets, tokens, personal data, or sensitive customer identifiers.