convex-audit

SUSPICIOUS: The skill’s stated audit purpose is coherent, but it relies on an unverifiable local executable that is not part of Convex’s documented official toolchain. No explicit credential theft or external exfiltration is shown, yet the binary’s opaque provenance creates a high supply-chain risk disproportionate to an otherwise read-first audit workflow.