Anima
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent for building and publishing Anima apps, but it relies on an Anima API/Figma connection and an external CLI/MCP service, so users should review what gets created or published.
Install this only if you are comfortable using Anima as an external app-building and hosting service. Make sure publish/deploy actions are intentional, use an appropriate Anima API key, and avoid providing private Figma or website URLs unless they are approved for sharing with Anima.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A clear build request may result in remote Anima resources, hosted applications, or generated app infrastructure being created.
The skill can initiate high-impact external app creation and hosting operations, which is expected for its purpose but worth user awareness.
Build complete applications from scratch. No local codebase needed. Anima handles everything: design, code generation, scalable database, and hosting.
Use it for explicit build/prototype requests and confirm before publishing or deploying anything intended to be public.
The agent may act through the user's Anima account, and Figma-related flows may involve connected Figma account access.
The skill requires an Anima credential to operate, and the prerequisite section also notes Figma account connection for Figma flows.
For headless environments, requires an ANIMA_API_KEY.
Provide only the intended Anima API key, review connected Figma permissions, and revoke credentials if the skill is no longer needed.
The runtime behavior depends on the external Anima CLI package and its current published version.
The skill depends on an external CLI invoked through npx, while the provided artifacts do not include a pinned install spec or lockfile.
Use the Anima CLI (`npx @animaapp/cli`) for all operations.
Prefer a pinned, trusted CLI version where possible and install from the documented Anima source.
Project ideas, Figma URLs, website URLs, and generated app details may be shared with Anima services as part of normal operation.
The skill sends design prompts, URLs, and Figma/playground workflow data through an external MCP server or CLI-backed service.
Anima MCP server must be connected and accessible — or use the Anima CLI as an alternative
Avoid sending confidential designs, private URLs, or sensitive product details unless Anima is an approved service for that data.