Convex
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: convex Version: 1.0.0 The skill bundle is benign. All files, including SKILL.md and setup.md, consistently provide instructions for the AI agent to follow secure development practices for Convex backends. Explicit instructions are given to avoid storing secrets, prevent data exfiltration, and ensure data integrity and authorization checks. There is no evidence of malicious prompt injection, unauthorized file access, external communication, or any other harmful behavior. The skill's scope is clearly defined and limited to local context management within the `~/convex/` directory.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Future Convex assistance may rely on saved local context, and the memory file could reveal project structure, auth boundaries, or incident history if exposed.
This shows the skill intentionally stores durable local memory that can influence future Convex work and may include sensitive architecture or authorization details.
Persist only reusable context in `~/convex/memory.md`: - Integration preference - Data model decisions and index intent - Auth constraints and permission edge cases - Rollout lessons and recurring failure modes
Review ~/convex/memory.md periodically, keep it concise, and avoid storing raw secrets, tokens, personal data, or sensitive customer identifiers.