canva-sdk-patterns

Provides production-ready patterns for integrating with the Canva Connect API using TypeScript, enhancing API client development.

Install this skill

or

44/100

Security score

The canva-sdk-patterns skill was audited on May 30, 2026 and we found 16 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 68

Template literal with variable interpolation in command context

SourceSKILL.md

68	const res = await fetch(`${CanvaClient.BASE}${path}`, {

medium line 71

Template literal with variable interpolation in command context

SourceSKILL.md

71	'Authorization': `Bearer ${this.tokens.accessToken}`,

medium line 92

Template literal with variable interpolation in command context

SourceSKILL.md

92	`${this.config.clientId}:${this.config.clientSecret}`

medium line 95

Template literal with variable interpolation in command context

SourceSKILL.md

95	const res = await fetch(`${CanvaClient.BASE}/oauth/token`, {

medium line 98

Template literal with variable interpolation in command context

SourceSKILL.md

98	'Authorization': `Basic ${basicAuth}`,

medium line 123

Template literal with variable interpolation in command context

SourceSKILL.md

123	async getDesign(id: string) { return this.request(`/designs/${id}`); }

medium line 124

Template literal with variable interpolation in command context

SourceSKILL.md

124	async listDesigns(params?: URLSearchParams) { return this.request(`/designs?${params \|\| ''}`); }

medium line 126

Template literal with variable interpolation in command context

SourceSKILL.md

126	async getExport(id: string) { return this.request(`/exports/${id}`); }

medium line 128

Template literal with variable interpolation in command context

SourceSKILL.md

128	async getAutofill(id: string) { return this.request(`/autofills/${id}`); }

medium line 144

Template literal with variable interpolation in command context

SourceSKILL.md

144	super(`Canva API ${status} on ${path}: ${body}`);

low line 188

Access to .env file

SourceSKILL.md

188	clientId: process.env.CANVA_CLIENT_ID!,

low line 189

Access to .env file

SourceSKILL.md

189	clientSecret: process.env.CANVA_CLIENT_SECRET!,

low line 55

External URL reference

SourceSKILL.md

55	private static BASE = 'https://api.canva.com/rest/v1';

low line 209

External URL reference

SourceSKILL.md

209	BASE = "https://api.canva.com/rest/v1"

low line 285

External URL reference

SourceSKILL.md

285	- [Authentication](https://www.canva.dev/docs/connect/authentication/)

low line 286

External URL reference

SourceSKILL.md

286	- [OpenAPI Spec](https://www.canva.dev/sources/connect/api/latest/api.yml)

Scanned on May 30, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2.2K

Rate this skill

Categorydesign

UpdatedJune 10, 2026

claude claude-code frontend design api testing backend ux-designer graphic-designer product-designer canva design

jeremylongshore/claude-code-plugins-plus-skills