← Back to Skills Marketplace
maverick

Canva mcp

by Maverick · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
38
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install maverick-canva-mcp
Description
Search, read, and manage Canva designs, folders, brand assets, exports, comments, and templates via Canva's hosted MCP server (https://mcp.canva.com/mcp). Us...
README (SKILL.md)

Canva

Quick start

Always invoke through bash {baseDir}/scripts/invoke.sh — never call mcporter directly. The wrapper seeds the OAuth vault from the env-supplied tokens when needed, then calls mcporter.

bash {baseDir}/scripts/invoke.sh list maverick-canva --schema

For structured output (also surfaces transport errors as JSON envelopes — workaround for mcporter #153):

bash {baseDir}/scripts/invoke.sh call --output json maverick-canva.TOOL_NAME key=value | jq '.result.content'

Safety

Write operations that create, edit, export, publish, share, comment on, or change brand assets modify Canva content visible to the connected workspace. Confirm clear user intent before invoking write tools — search and read tools are safe to call freely while exploring. Search designs, folders, and assets before assuming IDs, and read current metadata before editing, exporting, or commenting.

Authentication

Tokens are provisioned and rotated automatically. If a call returns HTTP 401 that doesn't recover within a few seconds, the OAuth grant has been revoked — re-authorize the integration to refresh credentials.

Data flow

Tool calls travel to Canva's hosted MCP service at https://mcp.canva.com/mcp over HTTPS, authenticated via OAuth. Canva sees the design, folder, asset, export, comment, and template data referenced by each call. Use this skill for Canva-related work only; do not pass unrelated sensitive content through these tools.

Dependencies

  • mcporter (github.com/steipete/mcporter) — MCP CLI used to invoke Canva's hosted MCP server. Auto-installed via npm install -g --ignore-scripts mcporter if missing on PATH (see install spec in frontmatter). The install spec uses unpinned mcporter (npm latest); operators with strict supply-chain controls should override the install to pin a specific version (e.g. mcporter@\x3Cversion>).
  • jq (stedolan.github.io/jq) — JSON processor used by the vault initializer. System dependency; install via your OS package manager (apt install jq, brew install jq, etc.).
  • flock (part of util-linux) — file locking used to serialize concurrent vault writes. Available by default on Linux; on macOS install via brew install flock.
  • shasum (Perl, ships with Digest::SHA) — computes the SHA-256 hashes used to derive the mcporter vault key and the provisioned-token marker. Preinstalled on macOS and on Debian/Ubuntu (incl. the deployed cloudflare/sandbox Ubuntu 22.04 image); on minimal Linux images install perl-Digest-SHA. The script invokes shasum -a 256 rather than GNU sha256sum so it runs on stock macOS without coreutils.
Usage Guidance
This skill appears purpose-aligned for Canva workflows. Before installing, make sure you are comfortable granting Canva OAuth access, letting mcporter store the OAuth tokens locally, and allowing the agent to perform Canva write actions only after clear confirmation. Pin the mcporter package if your environment requires reproducible installs.
Capability Analysis
Type: OpenClaw Skill Name: maverick-canva-mcp Version: 1.0.0 The skill is a legitimate integration for Canva's hosted MCP server. It includes a robust shell script (scripts/init-mcporter.sh) to manage OAuth tokens, which follows security best practices such as using file locking (flock) for concurrency, atomic file writes, and passing secrets to jq via environment variables to avoid exposure in process listings. The behavior is entirely consistent with the stated purpose of managing Canva assets via the mcporter CLI tool.
Capability Tags
requires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The stated purpose matches the capability: searching, reading, and managing Canva designs, folders, exports, comments, templates, and brand assets. Some actions can modify workspace-visible Canva content.
Instruction Scope
The skill explicitly tells the agent to confirm clear user intent before write actions, while allowing search/read tools for exploration. This is appropriate, but users should still review write, share, publish, export, and comment requests.
Install Mechanism
The skill installs and relies on the unpinned npm package mcporter plus local utilities jq, flock, and shasum. The unpinned dependency is disclosed and purpose-aligned.
Credentials
Canva OAuth access and refresh tokens are required, and tool calls go to Canva's hosted MCP endpoint over HTTPS. This is proportionate for a Canva integration.
Persistence & Privilege
The wrapper seeds mcporter's local OAuth credential vault and stores a hash marker in the skill directory. This is disclosed and used to maintain the Canva connection; there is no evidence of background execution or unrelated persistence.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install maverick-canva-mcp
  3. After installation, invoke the skill by name or use /maverick-canva-mcp
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the maverick-canva skill for interacting with Canva via the hosted MCP server. - Supports searching, reading, and managing designs, folders, brand assets, exports, comments, and templates. - Provides secure authentication and automatic token rotation using provided environment variables. - Includes usage guidelines for safe write operations and dependency management. - Relies on required binaries (`mcporter`, `jq`, `flock`, `shasum`) with clear installation instructions.
Metadata
Slug maverick-canva-mcp
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Canva mcp?

Search, read, and manage Canva designs, folders, brand assets, exports, comments, and templates via Canva's hosted MCP server (https://mcp.canva.com/mcp). Us... It is an AI Agent Skill for Claude Code / OpenClaw, with 38 downloads so far.

How do I install Canva mcp?

Run "/install maverick-canva-mcp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Canva mcp free?

Yes, Canva mcp is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Canva mcp support?

Canva mcp is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Canva mcp?

It is built and maintained by Maverick (@maverick); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments