Figma Sync

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: connect to Figma with a user-provided token, generate local files, and prepare Figma change specs without hidden execution or exfiltration.

Install only if you are comfortable giving the skill access to the Figma files reachable by your FIGMA_TOKEN. Treat generated designModel, cache, images, and pluginSpec files as potentially private design data, and review patch specs before loading them into any companion Figma plugin.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill advertises and instructs use of sensitive capabilities, including environment variable access for a Figma personal access token, network access to the Figma API, and local file read/write, but it does not declare permissions. This creates a trust and review gap: an agent or user may invoke a skill with broader capabilities than expected, increasing the chance of unauthorized token use, local file modification, or data exfiltration through the documented sync workflow.

VirusTotal

66/66 vendors flagged this skill as clean.
