Back to skill

Security audit

Canva

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Canva integration that uses expected OAuth tokens and Canva API calls, with sensitive permissions users should handle carefully.

Install only if you are comfortable giving this skill read/write access to the connected Canva account. Use the minimum Canva scopes you need, protect CANVA_CLIENT_SECRET and ~/.canva/tokens.json, keep token file permissions restrictive, and confirm exact file paths before using upload commands because selected files are sent to Canva.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill clearly instructs use of shell commands and direct API calls, but the manifest does not declare corresponding permissions/capabilities. This creates a transparency and policy gap: users and hosting platforms may not realize the skill can access local files, read tokens, and send data to external services via shell, increasing the risk of unintended command execution or data exposure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs users to upload a local file to Canva using a raw binary POST, but provides no warning that local content will be transmitted to a third-party service. This can cause accidental exfiltration of sensitive images or documents if users misunderstand the action or substitute the wrong file.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents storing OAuth access tokens in ~/.canva/tokens.json and reading them from shell commands without any warning about credential sensitivity or local file protections. Tokens in predictable local paths can be exposed through weak file permissions, shell history, logs, or other local processes, enabling unauthorized access to the user's Canva account.

Credential Access

High
Category
Privilege Escalation
Content
if echo "$RESPONSE" | jq -e '.access_token' > /dev/null 2>&1; then
            echo "$RESPONSE" > "$TOKEN_FILE"
            echo "✅ Token refreshed successfully!"
            echo "Access token saved to: $TOKEN_FILE"
            exit 0
        else
            echo "⚠️ Refresh failed, need to re-authenticate"
Confidence
81% confidence
Finding
Access token

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.