Canva Connect
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: canva-connect
Version: 1.0.0
The OpenClaw AgentSkills skill bundle for Canva Connect appears benign. The `SKILL.md` provides clear, non-malicious instructions and scope. The `scripts/canva.sh` script handles OAuth authentication, token storage (`~/.clawdbot/canva-tokens.json` with `chmod 600`), and API interactions exclusively with `api.canva.com`. It uses standard tools like `curl`, `jq`, `openssl`, and an embedded Python server for the OAuth callback, all for legitimate purposes aligned with managing Canva designs and assets. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or anything that can use the stored token may be able to access and modify Canva resources within the granted scopes.
The skill requires Canva OAuth credentials and stores reusable tokens for account access. This is expected for a Canva management integration, but users should recognize the account authority being granted.
Set scopes: `design:content` (Read + Write) ... `asset` (Read + Write) ... `profile` (Read) ... Tokens stored in `~/.clawdbot/canva-tokens.json`.
Use a dedicated Canva integration with only the scopes you need, keep the token file private, and run `auth logout` if you no longer use the skill.
A mistaken command could create unwanted Canva resources or move/delete Canva designs or assets.
The skill exposes commands that can mutate or remove Canva account content. The commands are clearly documented and purpose-aligned, but they can have account-level effects if invoked on the wrong item.
`designs delete <id>` | Move design to trash ... `assets delete <id>` | Delete asset ... `folders create <name>` | Create folder
Review design, asset, and folder IDs before running write or delete commands, and ask the agent to confirm destructive operations.
The skill may fail or behave differently depending on the local versions of these tools.
The skill has no install spec or required-binary declarations, but the script depends on several local command-line tools. This is not suspicious by itself, but it is relevant for review and reproducibility.
`curl -s -X POST`, `jq -r`, `openssl rand -hex 16`, `python3 << PYEOF`
Install and use trusted versions of curl, jq, openssl, and python3, and review the included script before authenticating.
