canva-prod-checklist

Facilitates the deployment of Canva integrations by executing a comprehensive production checklist for readiness and security.

Security score: 42/100

The canva-prod-checklist skill was audited on May 23, 2026 and we found 18 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 126

Template literal with variable interpolation in command context

Source: SKILL.md
Line 126: headers: { 'Authorization': `Bearer ${getServiceToken()}` },
medium line 129

Template literal with variable interpolation in command context

Source: SKILL.md
Line 129: canvaStatus = me.ok ? 'healthy' : `error:${me.status}`;
medium line 85

Curl to non-GitHub URL

Source: SKILL.md
Line 85: DESIGN=$(curl -s -X POST "https://api.canva.com/rest/v1/designs" \
medium line 94

Curl to non-GitHub URL

Source: SKILL.md
Line 94: EXPORT=$(curl -s -X POST "https://api.canva.com/rest/v1/exports" \
low line 125

Fetch to external URL

Source: SKILL.md
Line 125: const me = await fetch('https://api.canva.com/rest/v1/users/me', {
medium line 54

Webhook reference - potential data exfiltration

Source: SKILL.md
Line 54: ### Webhook Security
medium line 56

Webhook reference - potential data exfiltration

Source: SKILL.md
Line 56: - [ ] Webhook endpoint uses HTTPS
medium line 57

Webhook reference - potential data exfiltration

Source: SKILL.md
Line 57: - [ ] JWK signature verification implemented (see `canva-webhooks-events`)
medium line 58

Webhook reference - potential data exfiltration

Source: SKILL.md
Line 58: - [ ] Webhook handler returns 200 immediately
medium line 112

Webhook reference - potential data exfiltration

Source: SKILL.md
Line 112: 3. Preview features (e.g., webhooks) are **not allowed** in public integrations
medium line 158

Webhook reference - potential data exfiltration

Source: SKILL.md
Line 158: | Webhook URL rejected | HTTP not HTTPS | Use HTTPS endpoint |
low line 81

External URL reference

Source: SKILL.md
Line 81: "https://api.canva.com/rest/v1/users/me")
low line 85

External URL reference

Source: SKILL.md
Line 85: DESIGN=$(curl -s -X POST "https://api.canva.com/rest/v1/designs" \
low line 94

External URL reference

Source: SKILL.md
Line 94: EXPORT=$(curl -s -X POST "https://api.canva.com/rest/v1/exports" \
low line 125

External URL reference

Source: SKILL.md
Line 125: const me = await fetch('https://api.canva.com/rest/v1/users/me', {
low line 163

External URL reference

Source: SKILL.md
Line 163: - [Canva Connect Quickstart](https://www.canva.dev/docs/connect/quickstart/)
low line 164

External URL reference

Source: SKILL.md
Line 164: - [Creating Integrations](https://www.canva.dev/docs/connect/creating-integrations/)
low line 165

External URL reference

Source: SKILL.md
Line 165: - [Canva Changelog](https://www.canva.dev/docs/connect/changelog/)
Scanned on May 23, 2026