Back to skill
Skillv0.1.0
VirusTotal security
Canva · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 5:54 AM
- Hash
- bfa6aeb7813a7dbc74b258cd82fe7641797639b32f6e1ea8bc58090e7752f4bb
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: canva-2 Version: 0.1.0 The Canva skill bundle is a legitimate implementation of a Model Context Protocol (MCP) client for interacting with Canva's API. The code in app.py correctly wraps tool calls to a remote Canva MCP server (mcp.canva.com) using standard OAuth authentication. The instructions in SKILL.md include proactive security and safety measures, such as explicitly instructing the AI agent to reject local file paths to prevent SSRF/LFI and requiring user confirmation for destructive operations like page deletion in the merge-designs tool.
- External report
- View on VirusTotal