Canva

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Canva connector that can read and change Canva content using OAuth, with no evidence of hidden or unrelated behavior.

Install only if you are comfortable granting an agent OAuth-backed access to your Canva account. Review the Canva scopes during authorization, require explicit confirmation before page deletion or reordering, avoid shared machines unless token files are protected, and revoke the connector or remove ~/.mcp-skill/auth/ when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The merge_designs docstring explicitly states that destructive operations, especially page deletion, require an explicit user confirmation step before execution, but the implementation simply forwards operations directly to the remote tool with no runtime enforcement. In an agent setting, this creates a real safety gap: a misaligned caller, prompt-injected workflow, or orchestration bug could trigger irreversible destructive changes to user content without the intended approval gate.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding:
The skill explicitly states that OAuth tokens are persisted to ~/.mcp-skill/auth/ but does not warn users about on-disk credential storage, file permissions, or shared-system exposure. In multi-user environments, ephemeral runners, synced home directories, backups, or compromised local accounts, persisted tokens can be discovered and reused to access Canva data without re-authentication.

VirusTotal

64/64 vendors flagged this skill as clean.
