Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Figma Design Integration

v1.0.0

Figma design asset reading, code generation, and MCP integration. Covers REST API direct calls and MCP Server capabilities for design-to-code workflows. **Us...

by 陈源泉 (@chenyqthu)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability (flagged)
The SKILL.md and supporting docs require a FIGMA_TOKEN and describe MCP (remote) interactions, but the registry metadata lists no required environment variables or primary credential — that's inconsistent. The included references/omada-assets.md also embeds many internal file keys (private project file identifiers) which goes beyond a minimal 'demo' skill and suggests access to proprietary assets.
Instruction Scope (flagged)
Runtime instructions tell agents to use scripts that read arbitrary Figma file structure and to add/use an MCP server (https://mcp.figma.com/mcp) for interactive design-to-code and write-back. The human guide asserts the FIGMA_TOKEN "won't be exfiltrated," yet the MCP flow implicitly sends design data to a remote MCP endpoint and to Claude/Codex — the docs are inconsistent about where data goes and what is sent. The scripts themselves only call api.figma.com, but the SKILL.md explicitly instructs using remote MCP tooling that will transmit design content outside the local environment.
Install Mechanism
No install spec; this is instruction-only with a bundled utility script. The provided scripts/figma_api.py is plain, readable, and only performs authenticated calls to Figma and image downloads — no obfuscated code or remote arbitrary downloads.
Credentials (flagged)
The skill effectively requires a FIGMA_TOKEN (documented in SKILL.md and used by the script) but the registry metadata declares no required env vars or primary credential — a mismatch. FIGMA_TOKEN is sensitive; the docs' claim that it "only exists locally, not exfiltrated" is not enforced by code and is contradicted by the MCP instructions which will send design data to remote endpoints. The asset list contains many internal file keys which may be sensitive information about your organization's design assets.
Persistence & Privilege
The skill does not request always:true and doesn't ask to modify other skills or system-wide configs. It reads/writes only within its own workspace (downloads to /tmp, references ~/.openclaw paths in docs) and uses normal API calls. No elevated persistence behavior observed.
What to consider before installing
Do not install blindly. Ask the publisher to clarify the apparent mismatches:
(1) update the registry metadata to declare FIGMA_TOKEN as a required credential if the skill needs it;
(2) confirm the exact data flow for MCP usage — which endpoints receive design data and whether those endpoints are under your control or third-party services;
(3) verify that the listed file_keys in references/omada-assets.md are intended to be distributed with the skill (they may be proprietary);
(4) audit the bundled scripts locally (figma_api.py is small and readable) and run them in an isolated environment before giving the token broad scopes or editor permissions; and
(5) avoid granting editor or organization-level permissions until you confirm the MCP provider and OAuth flows, and consider using a least-privilege token (read-only) for initial testing.
