ClawHub

Figma Design Integration

Security checks across malware telemetry and agentic risk

Overview

This Figma skill is mostly purpose-aligned, but it gives agents authenticated access to private design assets and write-capable Figma workflows without enough scoping or safeguards.

Install only if you trust this skill and its publisher with authenticated Figma access. Use a least-privilege Figma token, avoid sensitive or unreleased design files unless approved, and require explicit confirmation before any Figma write or create action. Treat the bundled Omada asset links as potentially private organizational data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill clearly requires environment access for `FIGMA_TOKEN` and network access to Figma APIs/MCP, but those capabilities are not explicitly declared. Undeclared sensitive capabilities reduce transparency and can cause an agent to invoke a skill that accesses credentials or external services without adequate user awareness or policy gating.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill advertises write capabilities that can create or modify Figma files, frames, components, and variables, but it does not prominently require confirmation or warn about the risk of altering live production design assets. In agent contexts, this can lead to unintended destructive changes, corruption of shared design systems, or edits to the wrong file when a prompt is ambiguous.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The guide explicitly instructs agents to use a Figma access token from a local environment file and export it for subsequent commands, but it does not warn that this is a sensitive credential or constrain when the agent may access it. In an agentic setting, documentation that normalizes automatic secret loading can lead to unintended credential use against external services and increases the chance of token exposure through logs, subprocesses, or misuse.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill includes prompts and guidance for creating pages and modifying Figma content via MCP, but it does not clearly warn that these actions can alter remote design assets. In an agent workflow, this raises the risk of unauthorized or accidental changes to shared production design files, especially if the agent follows these templates automatically.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guide instructs users to provide Figma frame links and project file links to AI/Jarvis, but it does not clearly warn that design files may contain sensitive product details, internal URLs, unreleased features, or other confidential information that could be exposed to external systems or broader audiences. In a design-to-code workflow, this omission increases the chance of unintentional data disclosure because users are explicitly encouraged to share links with AI tools.

Ssd 3

Medium
Confidence
93% confidence
Finding
The documentation publishes specific internal Figma file keys and labels them as organizational assets, effectively creating a built-in index to private design resources. If this skill is accessible beyond a tightly controlled audience, those identifiers facilitate unauthorized access attempts, broaden data discovery, and increase the chance that an agent will retrieve sensitive design data without explicit user scoping.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal