convex-security-check

Quick security audit checklist covering authentication, function exposure, argument validation, row-level access control, and environment variable handling

59

1.14x
Quality: 37% (Does it follow best practices?)

Impact: 100%, 1.14x (Average score across 3 eval scenarios)

Security by Snyk: Passed (No known issues)

Optimize this skill with Tessl

npx tessl skill review --optimize ./skills/convex-security-check/SKILL.md

Evaluation results

100%

Content Platform: Convex Backend Functions

Argument and returns validation

| Criteria | Without context | With context |
| --- | --- | --- |
| createPost args defined | 100% | 100% |
| createPost returns defined | 100% | 100% |
| getPost args defined | 100% | 100% |
| getPost returns defined | 100% | 100% |
| listPostsByCategory returns defined | 100% | 100% |
| addComment args defined | 100% | 100% |
| addComment returns defined | 100% | 100% |
| deletePost returns defined | 100% | 100% |
| No v.any() usage | 100% | 100% |
| Category enum validator | 100% | 100% |
| Correct table name in post ID | 100% | 100% |
| Correct table name in comment ID | 100% | 100% |

100%

18%

Personal Finance Tracker: Secure Data Access

Authentication and row-level access control

| Criteria | Without context | With context |
| --- | --- | --- |
| Identity check in listMyTransactions | 100% | 100% |
| User-scoped query | 100% | 100% |
| Identity check in addTransaction | 100% | 100% |
| Ownership check in deleteTransaction | 100% | 100% |
| Identity check in deleteTransaction | 100% | 100% |
| Admin role check | 100% | 100% |
| ConvexError for auth failures | 0% | 100% |
| No public exposure of admin logic | 100% | 100% |
| args validators on all functions | 100% | 100% |
| returns validators on all functions | 0% | 100% |
| Transaction type enum | 100% | 100% |

100%

20%

Order Notifications: Third-Party Email Integration

Environment variables and internal functions

| Criteria | Without context | With context |
| --- | --- | --- |
| API key via env var | 100% | 100% |
| No hardcoded secret | 100% | 100% |
| Env var in action only | 100% | 100% |
| Function is an action | 100% | 100% |
| Internal function type | 0% | 100% |
| Missing env var handled | 100% | 100% |
| Correct order ID validator | 100% | 100% |
| returns validator present | 0% | 100% |
| Dev/prod key separation documented | 100% | 100% |
| Function type rationale documented | 100% | 100% |

Repository: waynesutton/convexskills

Evaluated

Agent: Claude Code

Model: Claude Sonnet 4.6
