ClawHub

Canva Automation

v0.1.0

Automate Canva tasks via Rube MCP (Composio): designs, exports, folders, brand templates, autofill. Always search tools first for current schemas.

1· 1.9k·6 current·6 all-time
by@sohamganatra
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (Canva automation) match the instructions: all actions reference Canva tool calls via Rube MCP (list designs, create, upload, export, folders, autofill). Nothing requested (no env vars, no unrelated binaries) is out of scope for a connector-style skill.
Instruction Scope
Instructions are narrowly scoped to using Rube MCP tool calls and OAuth-managed Canva connections; they do not ask the agent to read local files or unrelated environment variables. Note: the skill tells you to add an external MCP endpoint (https://rube.app/mcp) and to follow returned auth links — that grants the MCP server the ability to provide tool schemas and trigger OAuth flows, which is expected but worth vetting.
Install Mechanism
No install spec and no code files — instruction-only. That minimizes on-disk installation risk; the only runtime behavior is use of the platform's MCP/tool APIs.
Credentials
No environment variables, credentials, or config paths are requested by the skill itself. OAuth for Canva is handled via RUBE_MANAGE_CONNECTIONS as described, which is appropriate for this integration.
Persistence & Privilege
always:false (default) and no self-modifying/install actions. The skill does rely on the agent invoking external tools (normal for skills). No requests to change other skills or system-wide settings are present.
Assessment
This skill is internally coherent for automating Canva via a third‑party MCP, but you should verify and trust the MCP provider before enabling it. Specifically: (1) Confirm rube.app is a legitimate service and review its privacy/security docs; (2) When you run RUBE_MANAGE_CONNECTIONS, check the OAuth consent screen and scopes requested from Canva and limit access if possible; (3) Prefer testing with a non-production or throwaway Canva account to observe what the MCP/tool calls actually do and what data is exposed; (4) Use the recommended RUBE_SEARCH_TOOLS call to inspect tool schemas before executing actions so you understand what inputs/outputs the MCP supplies; (5) If you require higher assurance, request the skill author/source code or an official homepage and avoid adding unknown MCP endpoints to clients used for sensitive accounts.

Like a lobster shell, security has layers — review code before you run it.

latestvk978ae2z90n1khqwn6wyafhy6d80q8hy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments