convex-quickstart
Facilitates quick setup of Convex projects, enabling seamless integration with various frontend frameworks like React and Next.js.
Security score: 64/100
The convex-quickstart skill was audited on May 26, 2026 and we found 12 security issues across 2 threat categories. Review the findings below before installing.
Security Issues
medium line 81
Access to .env file
Source: SKILL.md
| 81 | - Write the deployment URL to `.env.local` |
low line 110
Access to .env file
Source: SKILL.md
| 110 | .env.local # CONVEX_URL / VITE_CONVEX_URL / NEXT_PUBLIC_CONVEX_URL |
medium line 133
Access to .env file
Source: SKILL.md
| 133 | Ask the user to run `npx convex dev` in their terminal. This handles login, creates the `convex/` directory, writes the deployment URL to `.env.local`, and starts the file watcher. See the notes in Pa |
low line 144
Access to .env file
Source: SKILL.md
| 144 | const convex = new ConvexReactClient(import.meta.env.VITE_CONVEX_URL as string); |
low line 149
Access to .env file
Source: SKILL.md
| 149 | const convex = new ConvexReactClient(import.meta.env.VITE_CONVEX_URL as string); |
low line 164
Access to .env file
Source: SKILL.md
| 164 | const convex = new ConvexReactClient(import.meta.env.VITE_CONVEX_URL as string); |
low line 184
Access to .env file
Source: SKILL.md
| 184 | const convex = new ConvexReactClient(process.env.NEXT_PUBLIC_CONVEX_URL!); |
medium line 228
Access to .env file
Source: SKILL.md
| 228 | `npx convex dev` writes the correct variable to `.env.local` automatically. |
medium line 234
Access to .env file
Source: SKILL.md
| 234 | Add `CONVEX_AGENT_MODE=anonymous` to `.env.local`, or set it inline: |
medium line 248
Access to .env file
Source: SKILL.md
| 248 | 3. `.env.local` contains the deployment URL |
medium line 336
Access to .env file
Source: SKILL.md
| 336 | - [ ] `.env.local` has the deployment URL |
low line 97
External URL reference
Source: SKILL.md
| 97 | Vite apps serve on `http://localhost:5173`, Next.js on `http://localhost:3000`. |
Scanned on May 26, 2026