waynesutton/convex-security-check
Quick security audit checklist covering authentication, function exposure, argument validation, row-level access control, and environment variable handling
Quick security audit checklist covering authentication, function exposure, argument validation, row-level access control, and environment variable handling
npx skills add https://github.com/waynesutton/convexskills/tree/main/skills/convex-security-checkQuick security audit checklist covering authentication, function exposure, argument validation, row-level access control, and environment variable handling
This repo contains 13 individual skills — each has its own dedicated page.
Prevent feature creep when building software, apps, and AI-powered products. Use this skill when planning features, reviewing scope, building MVPs, managing backlogs, or when a user says "just one more feature." Helps developers and AI agents stay focused, ship faster, and avoid bloated products.
Umbrella skill for all Convex development patterns. Routes to specific skills like convex-functions, convex-realtime, convex-agents, etc.
Building AI agents with the Convex Agent component including thread management, tool integration, streaming responses, RAG patterns, and workflow orchestration
Guidelines for building production-ready Convex apps covering function organization, query patterns, validation, TypeScript usage, error handling, and the Zen of Convex design philosophy
How to create, structure, and publish self-contained Convex components with proper isolation, exports, and dependency management
Scheduled function patterns for background tasks including interval scheduling, cron expressions, job monitoring, retry strategies, and best practices for long-running tasks
Complete file handling including upload flows, serving files via URL, storing generated files from actions, deletion, and accessing file metadata from system tables
Writing queries, mutations, actions, and HTTP actions with proper argument validation, error handling, internal functions, and runtime considerations
External API integration and webhook handling including HTTP endpoint routing, request/response handling, authentication, CORS configuration, and webhook signature validation
Schema migration strategies for evolving applications including adding new fields, backfilling data, removing deprecated fields, index migrations, and zero-downtime migration patterns
Patterns for building reactive apps including subscription management, optimistic updates, cache behavior, and paginated queries with cursor-based loading
Defining and validating database schemas with proper typing, index configuration, optional fields, unions, and migration strategies for schema changes
Deep security review patterns for authorization logic, data access boundaries, action isolation, rate limiting, and protecting sensitive operations
Search, reserve, inspect, and cancel SRT tickets in Korea with the SRTrain library. Use when the user asks for SRT seat availability, booking, canceling, or sold-out retry plans.
Open-source organizational substrate for any agent runtime. Bring your own agent. We bring the org.
张鑫旭真人倒膜 - 让AI写出老工程师博客味道的中文技术文章 (Claude Code Skill)
Official Compound Engineering plugin extending standard terminal capabilities for Claude Code and Cursor.
Claude Code skill for multi-agent legal contract analysis using a project-manager delegation pattern with pre-defined and dynamic sub-agents.
Exercise: Build applications with GitHub Copilot agent mode