Skill v1.0.3

ClawScan security

Figma · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 3:07 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it uses the Membrane CLI to access Figma, asks the user to perform interactive login, does not request unrelated credentials, and contains only expected instructions for this purpose.
Guidance
This skill appears coherent and uses the Membrane CLI to access Figma. Before installing or running it:
1) Verify that the Membrane project and the npm package (@membranehq/cli) are legitimate: check the npm publisher, the linked repository, the git tags, and getmembrane.com.
2) Prefer installing the CLI in a controlled environment (container or VM) if you have security concerns, since `npm install -g` writes binaries globally.
3) Confirm you are comfortable granting Membrane server-side access to your Figma account (the skill delegates auth to Membrane).
4) If you want the agent to act autonomously, decide whether you want to allow those actions; otherwise invoke the skill manually.
If you need deeper assurance, inspect the CLI source code or ask the maintainer for the exact OAuth scopes used when creating connections.
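A pre-install check covering step 1 (publisher and repository) and the pinning that step 2's `npm install -g` lacks, written here as an added example; it is not the ClawScan tool's or the Membrane project's code. It assumes registry metadata in the shape `npm view <package> --json` prints. The sample metadata below is constructed for illustration: the repository host, maintainer name, version, hook command and integrity hash are placeholders, not the real values for @membranehq/cli, which you would fetch and compare yourself.

```python
"""Vet an npm package's registry metadata before a global install.

Added example (not from the scanned page or the Membrane project).
Input is a JSON document in the shape `npm view <pkg> --json` returns.
"""
import json
import re

# Constructed sample; every value is a placeholder, not the real package's data.
SAMPLE_METADATA = json.dumps({
    "name": "@membranehq/cli",
    "dist-tags": {"latest": "0.9.3"},
    "repository": {"type": "git", "url": "git+https://github.com/example-org/cli.git"},
    "maintainers": [{"name": "example-maintainer", "email": "m@example.com"}],
    "scripts": {"build": "tsc", "postinstall": "node scripts/setup.js"},
    "dist": {
        "tarball": "https://registry.npmjs.org/@membranehq/cli/-/cli-0.9.3.tgz",
        "integrity": "sha512-" + "A" * 86 + "==",
    },
})

# Lifecycle scripts npm runs during `npm install`, i.e. code that executes on your machine.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def vet_package(metadata_json, expected_repo_host, expected_maintainers):
    """Return a list of findings (strings); an empty list means nothing was flagged."""
    meta = json.loads(metadata_json)
    findings = []

    # 1. The repository should live where the project's website says it does.
    repo = meta.get("repository", {})
    url = repo.get("url", "") if isinstance(repo, dict) else str(repo)
    if expected_repo_host not in url:
        findings.append(f"repository url {url!r} is not under {expected_repo_host}")

    # 2. Maintainers should be the accounts you verified on the registry's package page.
    names = {m.get("name") for m in meta.get("maintainers", [])}
    unknown = names - set(expected_maintainers)
    if unknown:
        findings.append(f"unexpected maintainers: {sorted(unknown)}")

    # 3. Install-time hooks run arbitrary code; list them so they get read before install.
    for hook, cmd in meta.get("scripts", {}).items():
        if hook in INSTALL_HOOKS:
            findings.append(f"install hook {hook}: {cmd}")

    # 4. The tarball should come from the public registry over HTTPS with an integrity hash.
    dist = meta.get("dist", {})
    tarball = dist.get("tarball", "")
    if not tarball.startswith("https://registry.npmjs.org/"):
        findings.append(f"tarball served from unexpected location: {tarball}")
    if not re.fullmatch(r"sha512-[A-Za-z0-9+/]+={0,2}", dist.get("integrity", "")):
        findings.append("no sha512 integrity hash; the tarball cannot be pinned")

    return findings


def pinned_install_command(metadata_json, ignore_scripts=False):
    """Build the install command with the concrete version instead of `@latest`."""
    meta = json.loads(metadata_json)
    version = meta["dist-tags"]["latest"]
    flags = " --ignore-scripts" if ignore_scripts else ""
    return f"npm install -g{flags} {meta['name']}@{version}"


if __name__ == "__main__":
    for finding in vet_package(SAMPLE_METADATA, "github.com/example-org", ["example-maintainer"]):
        print("FINDING:", finding)
    print(pinned_install_command(SAMPLE_METADATA))
```

Run it against the real output of `npm view @membranehq/cli --json`, with the host and maintainer names you confirmed on getmembrane.com and npmjs.com substituted for the placeholders. A listed install hook is not by itself a problem, but it is code that runs during `npm install -g`; read it first, and if you choose `--ignore-scripts` confirm afterwards that the CLI still works without it. Pinning to the concrete version rather than `@latest` keeps later installs reproducible and lets you compare the integrity hash across machines.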

Review Dimensions

Purpose & Capability
ok · Name and description match the instructions: the SKILL.md consistently instructs use of the Membrane CLI to connect to Figma, discover pre-built actions, create actions, and run them. Required capabilities (network access, a Membrane account) are justified by the described functionality.
Instruction Scope
note · The instructions stay within the stated purpose (install the Membrane CLI, run membrane login/connect/action commands). They require interactive or headless browser-based authentication but do not instruct the agent to read unrelated files or exfiltrate secrets. Note: the README instructs the operator to run a global npm install and to complete interactive auth, so the user must perform those steps before using the skill.
Install Mechanism
note · There is no install spec in the registry metadata, but SKILL.md tells users to run `npm install -g @membranehq/cli@latest`. Installing a global npm package is expected for a CLI integration but carries the usual moderate risk of running third-party code locally; the source is a public npm package (no obscure download URLs).
Credentials
ok · The skill declares no required environment variables, no config paths, and no primary credential. The SKILL.md explicitly advises not to ask users for API keys and says Membrane handles auth server-side, so the requested privileges are proportionate to the stated task.
Persistence & Privilege
ok · `always` is false, and the skill does not request persistent or system-wide privileges beyond installing a CLI (a user action). The skill allows normal autonomous invocation by agents (platform default); that is expected and not by itself concerning here.