canva

SUSPICIOUS: The skill's purpose and capabilities are mostly aligned, and the CLI install path is a normal npm-based same-brand distribution. The main risk is data-flow integrity: Canva authentication and API traffic are routed through Membrane as an intermediary proxy/service, which materially expands trust and centralizes credential handling outside official Canva endpoints.