convex-performance-audit

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run npx convex insights --details to gather performance data from the Convex deployment. This command uses the official command-line interface for the platform being audited.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to fetch the convex package from the public npm registry. This is standard behavior for accessing the official platform tools.
  • [PROMPT_INJECTION]: The skill has a surface for Indirect Prompt Injection as it processes deployment insights and repository source code which could potentially contain maliciously crafted instructions.
      • Ingestion points: Deployment Health insights, CLI insights output, and repository source code (SKILL.md).
      • Boundary markers: None provided for external data ingestion.
      • Capability inventory: Shell command execution via npx and recommended code modifications across the repository.
      • Sanitization: No explicit sanitization or validation of the ingested performance data or code content is mentioned.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 05:06 PM