Miro MCP Integration

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Miro integration skill whose live board read/write capabilities are disclosed and aligned with its purpose, though users should handle shared-board edits and sensitive content carefully.

Install only if you intend to let an AI assistant access Miro through your chosen client. Prefer read-only scopes when possible, keep auto-approval disabled for write-capable tools, start on test boards, verify the target team and board before edits or bulk syncs, and avoid sharing sensitive board images or URLs with clients whose data handling you have not reviewed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (11)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill prominently describes both reading from and writing to live Miro boards, but it does not give a clear user-facing warning that actions may modify external data in a real workspace. In an agent setting, this increases the risk of unintended writes, overwrites, or disclosure of board contents because users may treat the integration as informational rather than capable of making persistent changes.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The REST API section includes examples for creating, updating, and deleting board content against production Miro endpoints without a warning that these are live mutations. This can lead users or downstream agents to execute destructive or unintended changes on real boards, especially when examples are copied verbatim into automation workflows.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The examples encourage users to paste live Miro board URLs into third-party AI clients without warning that the client or connected MCP tools may retrieve and transmit board contents outside Miro. In this skill context, boards may contain proprietary designs, architecture notes, credentials, or customer data, so omission of a data-sharing warning creates a real confidentiality risk.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The guide instructs users to have AI tools create or modify content on Miro boards but does not warn that these are write operations against shared collaborative assets. In this context, an agent could overwrite, spam, or otherwise alter production boards used by teams, causing integrity and workflow disruption.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: Mentioning auto-approval support without explaining the security implications can normalize enabling unattended execution of board-affecting tools. In an MCP integration context, auto-approval can let prompts trigger read/write actions on boards without meaningful user confirmation, increasing the chance of accidental data exposure or unwanted modifications.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The document explicitly states that agents can read and write Miro board content with the authenticated user's permissions, including documents, prototypes, and frames, but it does not prominently warn users about the privacy and data exposure implications of connecting an AI agent to potentially sensitive boards. In a skill intended to be used by AI coding/design agents, this omission is meaningful because users may underestimate that broad workspace content can be ingested, transformed, or copied into downstream model contexts and generated outputs.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: This section documents document/table update capabilities that directly modify live Miro board content but does not warn users that these actions affect shared workspace data visible to collaborators. In an agent context, omission of a mutation warning increases the risk of unintended edits, destructive overwrites, or compliance issues when an AI acts on a real board without explicit user confirmation.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: The diagram and table tool descriptions encourage creation and synchronization of board artifacts on a live board without clarifying that these are persistent shared changes. Because this skill is meant for agent-driven workflows, the lack of write-safety guidance makes unintended mass updates or cluttering/modifying collaborative workspaces more likely.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The image tooling section explicitly mentions sharing image URLs externally and retrieving raw image data, but it does not warn that board images may contain sensitive design, product, or customer information. In an MCP/agent setting, this can facilitate exfiltration of board content outside Miro's access controls or normal user expectations.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The documentation exposes a destructive document-editing capability (`doc_update` with find/replace and `replace_all`) without warning that it can modify existing board content at scale or advising confirmation before execution. In an agent skill context, unclear guidance can cause an LLM-driven client to perform unintended mass edits, leading to integrity loss of user documents.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The bulk row sync operation performs upserts and can overwrite or create multiple table rows, but the documentation does not warn about data mutation risk or require confirmation for bulk changes. In an MCP/agent setting, this increases the chance of accidental large-scale data corruption when an automated workflow misidentifies keys or syncs incorrect rows.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal