Back to skill
Skillv1.0.0
ClawScan security
Canva Global · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 23, 2026, 5:06 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is a read-only, informational skill about Canva's history and business that requires no installs, credentials, or special permissions and is coherent with its description.
- Guidance
- This skill appears safe to install: it only contains static informational text about Canva and requests no credentials or installs. Before installing, consider that the skill has no source or homepage listed—so the content may be outdated or unreferenced. If you rely on this for factual or business decisions, verify key facts against primary sources (Canva press releases, financial reports). Also monitor agent activity if you allow autonomous invocation (normal by default) so you can see how often the skill is used.
Review Dimensions
- Purpose & Capability
- okThe name and description promise an overview of Canva; the SKILL.md provides that overview and does not request unrelated capabilities or credentials.
- Instruction Scope
- okRuntime instructions are static content and a short 'read_when' guidance for context; there are no commands, file reads, network endpoints, or broad data-collection steps in the instructions.
- Install Mechanism
- okNo install spec and no code files — nothing is written to disk or downloaded at install time.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths; that is proportionate for a purely informational skill.
- Persistence & Privilege
- okalways is false and the skill does not request elevated or persistent privileges. Autonomous invocation is allowed by default but no sensitive actions are described.