convex-feature-spec

SUSPICIOUS. The skill’s planning purpose is plausible, but it relies on an unverifiable local binary not documented as part of the official Convex CLI. There is no explicit credential theft or confirmed exfiltration in the visible instructions, but execution of opaque support tooling against a repo creates high supply-chain risk disproportionate to a documentation/spec skill.