Figma

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Figma API helper that uses a Figma token for read-only design access and asset export, with the sensitive parts mostly disclosed.

Install only if you are comfortable giving the agent a Figma personal access token. Use the least-privileged Figma token available, run exports from a directory where saved assets are expected, and review exported files before sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill requires a Figma token and makes network calls to the Figma API, but it does not explicitly declare permissions for those capabilities. This weakens reviewability and sandbox enforcement because operators may approve or run the skill without understanding that it can access secrets and send authenticated requests externally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The documented behavior says the skill reads files, exports layers, and retrieves comments, but the implementation reportedly also queries the authenticated user profile, enumerates projects/files, and writes exports to local disk. This broader behavior increases the data-access and persistence scope beyond what a user or reviewer would reasonably expect, creating a risk of unintended data exposure or unauthorized discovery of workspace contents.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill description says it is for reading Figma files, exporting assets, and retrieving comments, but the implementation also exposes account identity and workspace/project enumeration via /me, /teams/{team_id}/projects, and related listing endpoints. In an agent context, this broadens accessible data beyond the stated purpose and can enable unnecessary discovery of organization structure and accessible assets, violating least-privilege expectations.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Workspace discovery functions let the tool enumerate teams, projects, and files even though that capability is not justified by the stated use case. In a security-sensitive agent environment, discovery features increase the blast radius of a compromised or over-permissioned skill by helping an attacker map accessible design resources and metadata.

VirusTotal

66/66 vendors flagged this skill as clean.
