Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Figma To Static 2.0.5

v2.0.6

Convert Figma design files to pixel-level mobile-first static HTML/CSS pages. Use when: (1) user provides a Figma file link and wants a static web page, (2)...

0· 174·0 current·0 all-time
by kent@elsemk
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (convert Figma designs to static HTML/CSS) match the bundled tooling: REST and MCP fetchers, a CSS extraction script, a visual-diff tool, and auth helpers. However, the manifest and SKILL.md disagree about config paths and required credentials: the manifest declares both FIGMA_MCP_TOKEN and FIGMA_TOKEN as required environment variables, while the scripts work with either access path alone, MCP (via FIGMA_MCP_TOKEN, or by reading Claude credentials) or REST (via FIGMA_TOKEN). Requiring both tokens up front is disproportionate; one is sufficient for whichever path is chosen.
Instruction Scope
SKILL.md and the scripts instruct the agent to manage OAuth handoffs, scrape REPL output, prompt for and accept OAuth artifacts (a code#state pair or a full callback URL), and call helper scripts that parse terminal output. They explicitly direct the agent to read ~/.claude/.credentials.json (behind the --allow-claude-credentials flag) and to validate pasted callback URLs. These behaviors involve handling sensitive authentication artifacts and terminal contents; while they are necessary for the MCP flow, they expand the skill's scope well beyond fetching Figma JSON and images and converting them to HTML.
Install Mechanism
There is no automated install spec (the skill is instruction-only), which is lower risk. However, SKILL.md recommends installing the Claude CLI, and the package includes a setup script (scripts/setup_claude_mcp.sh) and several Python scripts that execute at runtime. The skill will prompt the user to run external commands (npm install -g @anthropic-ai/claude-code) if the CLI is missing; these are not run automatically, but they are part of the operational path and should be run deliberately by the user.
Credentials
The required environment variables (FIGMA_MCP_TOKEN and FIGMA_TOKEN) are relevant to Figma access, but listing both as required is inconsistent with the scripts' fallback logic (one or the other suffices depending on MCP vs REST). More importantly, the scripts can optionally read and refresh tokens from ~/.claude/.credentials.json (including client_id, client_secret and refresh_token) and attempt to persist the refreshed tokens back to that file. That gives the skill read and write access to a local credential store holding long-lived secrets, a high-privilege action that the user should authorize consciously.
Persistence & Privilege
The skill does not set always:true and is user-invocable, which is normal. However, it writes a local auth-lock file (tmp/claude-auth-lock.json) and, when run with the allowance flag, may update ~/.claude/.credentials.json to persist refreshed tokens. Writing to the user's credential file (and potentially altering the token lifecycle) is a meaningful privilege beyond ordinary file reads and should be explicitly consented to. The metadata is also inconsistent: the SKILL.md frontmatter lists configPaths while the top-level registry summary reports none, a provenance mismatch worth noting.
What to consider before installing
This skill is plausible for converting Figma designs to static HTML/CSS, but it requires, and can optionally manipulate, sensitive authentication artifacts. Before installing or running it:

- Confirm you trust the skill author and source (homepage unknown; only an owner ID is given). The package includes code that will read, and may update, ~/.claude/.credentials.json if you enable that mode.
- Prefer the least-privilege flow: supply only the token for the access path you intend to use (FIGMA_MCP_TOKEN for MCP mode or FIGMA_TOKEN for REST mode), and do not run with --allow-claude-credentials unless you explicitly want the skill to access your Claude credential file.
- Inspect the scripts yourself (especially fetch_figma_mcp.py, claude_auth_lock.py and setup_claude_mcp.sh) or run them in a sandboxed environment. Look for any network calls you do not expect; the code contacts mcp.figma.com and api.figma.com, and no other external endpoints were found in the provided files.
- Note the mismatches: version numbers (2.0.5 vs 2.0.6 in the registry and metadata), and SKILL.md metadata claiming a configPath while the top-level requirements indicate none. Ask the publisher for clarification.
- If you must use it with live credentials, back up ~/.claude/.credentials.json first and consider running the skill on an isolated machine or in a container.

If you cannot verify the source, or you are uncomfortable with the skill reading and updating local credential files, classify it as unsafe to run: either decline, or ask the author to provide a mode that operates only with an explicitly provided Figma token and never touches local Claude credentials.
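The script inspection recommended above can be done mechanically before anything is executed. The following is an added example, not code from the Figma To Static skill or from ClawHub: it walks a skill directory, extracts every hostname that appears in a URL literal, flags scripts that reference a local credential store (and those that also open such a store for writing), and compares the environment variables the scripts actually read against what the manifest declares. The allowlist (api.figma.com and mcp.figma.com, taken from the scan findings), the list of sensitive paths, the write-detection heuristic, and the two sample scripts it writes to a temporary directory are all assumptions made for this example; the sample scripts only mirror the behaviors the report describes and are not the real package's code.

```python
"""Pre-install static audit of an agent skill directory.

Added example: not code from the Figma To Static skill or ClawHub.
It surfaces the three things the scan report asks a reviewer to check by hand:
which hosts the scripts talk to, which scripts touch a local credential store
(and whether they also write to it), and whether the env vars the scripts read
match what the manifest declares.
"""
import re
import tempfile
from pathlib import Path

# Hosts the scan report found in the skill's own scripts (assumed allowlist).
FIGMA_HOSTS = frozenset({"api.figma.com", "mcp.figma.com"})

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
# Local credential stores an agent skill should not touch without explicit
# consent (assumed list; extend it for your environment).
SENSITIVE_PATH_RE = re.compile(
    r"\.claude/\.credentials\.json|\.aws/credentials|\.netrc|"
    r"\.config/gh/hosts\.yml|\.docker/config\.json"
)
# Heuristic: a write-mode open() or json.dump() in a file that also names a
# credential store suggests tokens get persisted back to it.
WRITE_RE = re.compile(r"open\(.*?['\"](?:[wa]\+?|r\+)[bt]?['\"]|json\.dump\(")
ENV_RE = re.compile(
    r"os\.(?:environ\.get|getenv)\(\s*['\"]([A-Z0-9_]+)['\"]"
    r"|os\.environ\[\s*['\"]([A-Z0-9_]+)['\"]\s*\]"
)
SCAN_SUFFIXES = {".py", ".sh", ".md", ".json"}


def scan_file(path: Path, root: Path) -> dict:
    """Collect hosts, credential-store references and env var reads from one file."""
    text = path.read_text(errors="replace")
    cred_lines = [n for n, line in enumerate(text.splitlines(), 1)
                  if SENSITIVE_PATH_RE.search(line)]
    return {
        "file": path.relative_to(root).as_posix(),
        "hosts": set(URL_RE.findall(text)),
        "credential_lines": cred_lines,
        "writes_store": bool(cred_lines) and WRITE_RE.search(text) is not None,
        "env": {a or b for a, b in ENV_RE.findall(text)},
    }


def audit_skill(root, allowed_hosts=FIGMA_HOSTS, declared_env=frozenset()) -> dict:
    """Return findings for a skill directory; 'reasons' is empty when nothing needs review."""
    root = Path(root)
    files = sorted(p for p in root.rglob("*") if p.is_file() and p.suffix in SCAN_SUFFIXES)
    reports = [scan_file(p, root) for p in files]
    used_env = set().union(*(r["env"] for r in reports))
    findings = {
        "unexpected_hosts": set().union(*(r["hosts"] for r in reports)) - set(allowed_hosts),
        "credential_readers": [r["file"] for r in reports if r["credential_lines"]],
        "credential_writers": [r["file"] for r in reports if r["writes_store"]],
        "declared_but_unused_env": set(declared_env) - used_env,
        "used_but_undeclared_env": used_env - set(declared_env),
    }
    reasons = []
    if findings["unexpected_hosts"]:
        reasons.append("contacts hosts outside the allowlist")
    if findings["credential_writers"]:
        reasons.append("writes to a local credential store")
    elif findings["credential_readers"]:
        reasons.append("reads a local credential store")
    if findings["used_but_undeclared_env"]:
        reasons.append("reads env vars the manifest does not declare")
    findings["reasons"] = reasons
    return findings


def build_sample_skill() -> Path:
    """Write a constructed two-script skill mirroring the behaviors the report describes.

    These are text fixtures for the audit, not the real package, and are never executed."""
    root = Path(tempfile.mkdtemp(prefix="skill-audit-"))
    scripts = root / "scripts"
    scripts.mkdir()
    (scripts / "fetch_figma_mcp.py").write_text(
        'import json, os\n'
        'CREDS = os.path.expanduser("~/.claude/.credentials.json")\n'
        'token = os.environ.get("FIGMA_MCP_TOKEN")\n'
        'if not token and allow_claude_credentials:\n'
        '    store = json.load(open(CREDS))\n'
        '    token = refresh(store["refresh_token"])\n'
        '    json.dump(store, open(CREDS, "w"))  # persists the refreshed token\n'
        'post("https://mcp.figma.com/mcp", token)\n'
    )
    (scripts / "fetch_figma_rest.py").write_text(
        'import os\n'
        'token = os.environ["FIGMA_TOKEN"]\n'
        'get("https://api.figma.com/v1/files/" + file_key, token)\n'
    )
    return root


if __name__ == "__main__":
    sample = build_sample_skill()
    result = audit_skill(sample, declared_env={"FIGMA_MCP_TOKEN", "FIGMA_TOKEN"})
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it against the unpacked zip (audit_skill("path/to/skill", declared_env=...) with the env vars from the manifest) before running any of the scripts. On the constructed sample the only reason reported is the credential-store write in fetch_figma_mcp.py, which is exactly the consent point the report raises; a host outside the allowlist or an env var the manifest never mentioned would each add a further reason. The write check is a text heuristic, so treat a hit as a prompt to read that file, not as proof.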


latest: vk979sj2kmx4zzd7j9ec5s0zwt183mk6v


Runtime requirements

🎨 Clawdis
Bins: python3
Env: FIGMA_MCP_TOKEN, FIGMA_TOKEN
