Figma
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: kai-tw-figma
Version: 1.0.3

The OpenClaw AgentSkill for Figma is classified as benign. The skill's code (`scripts/figma_tool.py`) and documentation (`SKILL.md`, `README.md`) clearly outline its purpose: interacting with the Figma REST API to read file structures, retrieve comments, and export assets. It uses `argparse` for robust command-line argument parsing, mitigating direct shell injection vulnerabilities from user input. The `FIGMA_TOKEN` is handled securely via environment variables, and all network communication is directed to the official Figma API. The `README.md` explicitly addresses security concerns and clarifies that the skill only performs read-only operations on Figma files and does not interact with unrelated system files or arbitrary endpoints. There is no evidence of intentional data exfiltration, persistence mechanisms, or malicious prompt injection attempts against the agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed with a real token, the agent can retrieve Figma account, team/project, file, and comment data that the token can access.
The script uses a Figma personal access token from the environment to authenticate API requests, which is expected for the skill but grants access to Figma resources available to that token.
token = os.getenv("FIGMA_TOKEN")
...
req.add_header("X-Figma-Token", self.token)

Use a token with the least access needed, keep it private, revoke it when no longer needed, and only ask the agent to access Figma files or teams you intend to share with it.
Export requests can create local image/PDF files and make network downloads as part of the expected Figma export workflow.
During export, the script downloads image URLs returned by the Figma API and writes the resulting files to the local current working directory.
with urllib.request.urlopen(image_url) as response:
with open(filename, "wb") as f:

Run exports from a directory where saved files are acceptable, review generated files before using or sharing them, and clean them up when no longer needed.
