Convex
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI06: Memory and Context PoisoningWhat this means
Future Convex assistance may rely on saved local context, and the memory file could reveal project structure, auth boundaries, or incident history if exposed.
Why it was flagged
This shows the skill intentionally stores durable local memory that can influence future Convex work and may include sensitive architecture or authorization details.
Skill content
Persist only reusable context in `~/convex/memory.md`: - Integration preference - Data model decisions and index intent - Auth constraints and permission edge cases - Rollout lessons and recurring failure modes
Recommendation
Review ~/convex/memory.md periodically, keep it concise, and avoid storing raw secrets, tokens, personal data, or sensitive customer identifiers.