canva-automation

SUSPICIOUS. The skill's capabilities mostly match its stated Canva automation purpose, and the publisher/service relationship appears legitimate, but all actions and OAuth are routed through Composio's Rube gateway rather than directly to Canva. That third-party mediation, combined with inconsistent auth claims and real-world write/export actions, makes the skill medium risk even without signs of overt malware.