convex-self-hosting
Audited by Socket on Feb 15, 2026
1 alert found:
Security
[Skill Scanner] Download or install from free hosting/deployment platform detected

All findings:
[HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4]
[HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4]
[HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4]
[HIGH] supply_chain: Download or install from free hosting/deployment platform detected (SC007) [AITech 9.1.4]

This skill/documentation is consistent with its stated purpose (self-hosting Convex). It requests sensitive inputs that are necessary for the service to function (JWT private key, DB URL, admin key), and the flows described are reasonable for running a backend. No malicious code or hidden credential-harvesting flows were found. The primary security concerns are operational best-practice issues (protect mounted key files, avoid exposing env vars, verify container image sources). Recommend treating secrets carefully (use secret managers, restrict file permissions, verify images), but the document itself is benign.

LLM verification: This SKILL.md is a deployment and configuration guide for self-hosting Convex. The instructions, requested environment variables, and commands are consistent with the stated purpose. There are no signs of embedded malware or hidden exfiltration in the document itself. Main risks are operational: users must generate and handle private keys, admin keys, and database credentials safely; they must review and trust scripts (e.g., generate_admin_key.sh) from the cloned repository before executing; and