Security Audit

canvas-design

github.com/anthropics/skills

AI SkillCommit 1ed29a03dc85

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

canvas-design received a trust score of 88/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. Key findings include Direct filesystem directory access, Unrestricted external resource download.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 11, 2026 (commit 1ed29a03). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

86%

Behavioral Risk Signals

Network Access

1 finding

Filesystem Write

2 findings

Shell Execution

1 finding

Excessive Permissions

2 findings

Security Findings2

Severity	Finding	Layer	Location
MEDIUM	Direct filesystem directory access The skill explicitly instructs the agent to 'Search the `./canvas-fonts` directory.' This grants the agent direct access to the local filesystem, allowing it to list or read contents of the specified directory. This could lead to data exfiltration if sensitive files are present in or accessible from this path, or if the agent can be prompted to search other directories. It also represents an excessive permission. Restrict agent's filesystem access to only strictly necessary paths, or implement a secure sandbox that prevents arbitrary directory listing/reading. If font discovery is needed, provide a pre-approved list or a dedicated, sandboxed font service.	LLM	SKILL.md:140
MEDIUM	Unrestricted external resource download The skill instructs the agent to 'Download and use whatever fonts are needed to make this a reality.' This allows the agent to download arbitrary external resources (fonts) from potentially untrusted sources. This introduces supply chain risks, as malicious fonts could contain exploits or lead to the execution of harmful code. It also implies network access and file write permissions, which are excessive if not properly controlled. Specify trusted sources for font downloads, implement strict validation for downloaded files, or provide a pre-approved set of fonts. Ensure the execution environment for downloads is sandboxed and has minimal permissions.	LLM	SKILL.md:143

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/d1e2b8688249a5df.svg)](https://skillshield.io/report/d1e2b8688249a5df)