Canva Automation

Pass

Audited by ClawScan on May 1, 2026.

Overview

This instruction-only skill is aligned with Canva automation, but users should understand it relies on Rube/Composio OAuth access that can read, create, move, upload, and export Canva content.

Install only if you are comfortable connecting Canva through Rube/Composio. Review the OAuth prompt, use an appropriate Canva account or workspace, and ask the agent to confirm before exporting, uploading, or moving important designs.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could make changes in the connected Canva account or generate export links when the user asks for these workflows.

Why it was flagged

The skill documents Canva tools that can create, export, and reorganize account content. This is aligned with the stated automation purpose, but it is still meaningful account-changing authority.

Skill content

`CANVA_CREATE_CANVA_DESIGN_WITH_OPTIONAL_ASSET` - Create a new design ... `CANVA_CREATE_CANVA_DESIGN_EXPORT_JOB` - Start the export process ... `CANVA_MOVE_ITEM_TO_SPECIFIED_FOLDER` - Move designs into folders

Recommendation

Confirm the exact design, folder, export format, and destination before running operations that create, move, upload, or export Canva content.

What this means

The connected Canva account or workspace can be accessed through the Rube MCP tools according to the OAuth permissions granted.

Why it was flagged

The skill requires delegated Canva account access through OAuth. That is expected for Canva automation, but it gives the integration authority over the connected account.

Skill content

Active Canva connection via `RUBE_MANAGE_CONNECTIONS` with toolkit `canva` ... follow the returned auth link to complete Canva OAuth

Recommendation

Review the Canva OAuth scopes and connect only an account or workspace you are comfortable automating; revoke the connection when it is no longer needed.

What this means

The available Canva tool behavior and schemas come from the Rube MCP service at runtime.

Why it was flagged

The skill depends on a remote MCP endpoint and dynamic tool schemas rather than local reviewed code. This is disclosed and central to the skill, but users must trust that provider.

Skill content

Add `https://rube.app/mcp` as an MCP server in your client configuration ... Always call `RUBE_SEARCH_TOOLS` first to get current tool schemas

Recommendation

Use the official Rube/Composio endpoint and documentation, and review the returned tool schemas before allowing sensitive or high-impact actions.

What this means

Information about Canva designs and automation inputs may be visible to or processed by the Rube/Composio integration as part of normal operation.

Why it was flagged

Canva operation details, such as design IDs, folder IDs, asset URLs, autofill data, and export requests, are routed through an external MCP/provider integration.

Skill content

Automate Canva design operations through Composio's Canva toolkit via Rube MCP

Recommendation

Avoid sending unnecessary sensitive design data, asset URLs, or template autofill values, and review the provider’s data handling terms if the Canva workspace contains confidential material.