convex-subconscious

Mostly purpose-aligned integration documentation, not overt malware. Main concerns are the transitive skill-install instruction from GitHub and the agent-driven HTTP/webhook pattern that lets a third-party AI service trigger backend mutations; overall this is medium risk and best classified as suspicious rather than malicious.