Figma

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears consistent with its stated Figma analysis/export purpose, but users should protect their Figma token and be aware it can export broad design data locally.

This skill looks coherent for read-only Figma analysis and asset export. Before installing or using it, make sure you trust the source, use a scoped/revocable Figma token, avoid committing .env files, and review generated exports or reports before sharing them.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 VirusTotal engines returned no detection for the skill's files. This is a signature scan of the packaged artifact only; it says nothing about how the skill behaves once installed or what it does with the token it is given.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who obtains the token can read every Figma file the token's account can access, not just the file being analyzed, for as long as the token remains valid.

Why it was flagged

The skill requires a Figma access token for API access. This is expected for a Figma integration, but the token is a credential that can grant access to private design files.

Skill content
export FIGMA_ACCESS_TOKEN="your-token-here"

# Or store in .env file
echo "FIGMA_ACCESS_TOKEN=your-token" >> .env
Recommendation

Use the least-privileged Figma token available: a read-only token limited to the scopes the skill needs, with an expiry where the token type supports one. Keep the token out of source control (add .env to .gitignore before writing the token to it), keep it out of generated reports and logs, and revoke and rotate it immediately if it may have been exposed.
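The token handling the recommendation describes, as an added example (not the skill's own code): read the token only from the environment, fail if it is absent or still a placeholder, fingerprint it for logs instead of printing it, confirm .env is git-ignored, and flag a token that has been written into a file about to be committed. The environment variable name FIGMA_ACCESS_TOKEN and the placeholder values are taken from the skill content above; the X-Figma-Token header is the header Figma's REST API uses for personal access tokens; the sample file contents and the figd_ token value are constructed for the example.

```python
"""Token hygiene for a Figma integration (added example, not the skill's code).

Assumptions: the env var name FIGMA_ACCESS_TOKEN and the placeholder values
from the skill's docs; Figma's X-Figma-Token request header.
"""
import os
import re

TOKEN_ENV = "FIGMA_ACCESS_TOKEN"
# Values the skill's docs use as placeholders; treat these as "not set".
PLACEHOLDERS = {"your-token-here", "your-token", ""}


def load_figma_token(env=None):
    """Return the token from the environment, or fail loudly. Never hardcode it."""
    env = os.environ if env is None else env
    token = env.get(TOKEN_ENV, "").strip()
    if token in PLACEHOLDERS:
        raise RuntimeError(
            f"{TOKEN_ENV} is not set; export it or put it in an untracked .env file")
    return token


def redact(token):
    """Short fingerprint for log lines, so a leaked log does not leak the token."""
    if len(token) <= 8:
        return "****"
    return f"{token[:4]}...{token[-4:]}"


def api_headers(token):
    """Figma's REST API authenticates personal access tokens via X-Figma-Token."""
    return {"X-Figma-Token": token}


def gitignore_covers_env(gitignore_text):
    """True if the .gitignore text already excludes a top-level .env file.

    Assumption: the skill writes the token to ./.env, as its docs suggest.
    Only the common exact patterns are recognised; this is a guard rail,
    not a full gitignore matcher.
    """
    patterns = {
        line.strip() for line in gitignore_text.splitlines()
        if line.strip() and not line.lstrip().startswith("#")
    }
    return bool(patterns & {".env", "/.env", ".env*", "*.env"})


ASSIGNMENT_RE = re.compile(r"FIGMA_ACCESS_TOKEN\s*=\s*[\"']?([^\"'\s]+)")


def find_committed_tokens(text):
    """Return (line_no, redacted_value) for lines assigning a real-looking token.

    Placeholder values from the docs are skipped. This is a constructed
    pre-commit heuristic for one variable name, not a substitute for a
    general secret scanner.
    """
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = ASSIGNMENT_RE.search(line)
        if m and m.group(1) not in PLACEHOLDERS:
            hits.append((no, redact(m.group(1))))
    return hits


if __name__ == "__main__":
    # Constructed sample of a file someone might accidentally commit.
    sample = ('export FIGMA_ACCESS_TOKEN="your-token-here"\n'
              'FIGMA_ACCESS_TOKEN=figd_1234567890abcdef\n')
    print(find_committed_tokens(sample))
    print(gitignore_covers_env(".env\nnode_modules/\n"))
```

Wire find_committed_tokens into a pre-commit hook over the staged files and run gitignore_covers_env once at setup time; both are cheap and catch the single most common way a token like this leaks.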

What this means

A broad export could create many local files and extract more of a design file than intended.

Why it was flagged

When invoked without narrower filters, the export workflow can export all frames from a specified Figma file. This is purpose-aligned but broad.

Skill content
if not frame_ids and not frame_names:
    # Export all frames
    frame_nodes = self._find_frames(file_data)
Recommendation

Prefer specific frame, component, or node IDs when possible, and review output directories before sharing generated packages.
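How the narrowing in the recommendation can be enforced in code, as an added example that is not the skill's own export logic: exporting everything requires an explicit opt-in and is capped, requested IDs that are absent from the file are an error rather than a silent no-op, and output file names are derived from the node ID plus a sanitized name, because frame names are content from the design file and must not be allowed to steer the write path. The node shape assumed (document, CANVAS pages, FRAME children with id and name) is the shape of a Figma file response; the miniature file, the cap of 50 and the output_path helper are constructed for this example.

```python
"""Narrow a Figma export before anything is written (added example, not the
skill's code). Assumes the node shape of GET /v1/files/:key: a document whose
children are CANVAS pages whose children include FRAME nodes with id/name."""
import re
from pathlib import Path

# Constructed miniature of a Figma file response; real files are far larger.
SAMPLE_FILE = {
    "document": {"type": "DOCUMENT", "children": [
        {"type": "CANVAS", "name": "Page 1", "children": [
            {"type": "FRAME", "id": "1:2", "name": "Login"},
            {"type": "FRAME", "id": "1:3", "name": "Dashboard"},
            {"type": "RECTANGLE", "id": "1:4", "name": "bg"},
            {"type": "FRAME", "id": "1:5", "name": "../../etc/evil"},
        ]},
        {"type": "CANVAS", "name": "Page 2", "children": [
            {"type": "FRAME", "id": "2:1", "name": "Login"},
        ]},
    ]},
}


def find_frames(file_data):
    """Top-level frames on every page: the set an unfiltered export would take."""
    frames = []
    for page in file_data.get("document", {}).get("children", []):
        for node in page.get("children", []):
            if node.get("type") == "FRAME":
                frames.append({"id": node["id"], "name": node["name"],
                               "page": page.get("name", "")})
    return frames


def select_frames(file_data, frame_ids=None, frame_names=None, *,
                  allow_all=False, max_frames=50):
    """Return only the requested frames.

    Exporting everything must be opted into with allow_all=True, and even then
    the result is capped, so a wrong file key cannot dump a large file to disk.
    """
    frames = find_frames(file_data)
    if not frame_ids and not frame_names:
        if not allow_all:
            raise ValueError(f"no frame filter given; {len(frames)} frames would "
                             "be exported, pass allow_all=True to confirm")
        selected = frames
    else:
        wanted_ids = set(frame_ids or ())
        wanted_names = set(frame_names or ())
        selected = [f for f in frames
                    if f["id"] in wanted_ids or f["name"] in wanted_names]
        missing = wanted_ids - {f["id"] for f in selected}
        if missing:
            raise ValueError(f"frame ids not found in file: {sorted(missing)}")
    if len(selected) > max_frames:
        raise ValueError(f"{len(selected)} frames selected, cap is {max_frames}")
    return selected


def output_path(out_dir, frame, ext="png"):
    """Build a write path that cannot escape out_dir.

    The node id uses a safe character set, so it leads the file name; the
    human-readable name is reduced to a safe charset and only decorates it.
    """
    safe_name = re.sub(r"[^A-Za-z0-9._-]+", "_", frame["name"]).strip("._") or "frame"
    safe_id = frame["id"].replace(":", "-")
    out_dir = Path(out_dir).resolve()
    path = (out_dir / f"{safe_id}_{safe_name}.{ext}").resolve()
    if out_dir not in path.parents:
        raise ValueError(f"refusing to write outside {out_dir}: {path}")
    return path


if __name__ == "__main__":
    for frame in select_frames(SAMPLE_FILE, frame_names=["Login"]):
        print(frame["page"], frame["id"], output_path("figma_out", frame))
```

Reviewing the output directory is still worthwhile after the export, but the listing produced by select_frames before any API call is the cheaper review point: it shows exactly which frames, from which pages, are about to be pulled.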

What this means

Because the versions are not pinned, the exact packages installed vary over time and between machines, so the code that was reviewed is not necessarily the code that runs.

Why it was flagged

The included scripts depend on external Python packages with lower-bound version constraints rather than exact pinned versions.

Skill content
requests>=2.31.0
aiohttp>=3.9.0
pathlib
Recommendation

Install dependencies in an isolated environment (a virtualenv or container), and pin reviewed versions, ideally with hashes, before production use. Note also that pathlib has been part of the Python 3 standard library since 3.4; listing it as a requirement makes pip install an obsolete third-party backport of that name, so that line should be dropped.
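A small checker for the two issues raised above, added here as an example rather than anything shipped with the skill: it parses a requirements file and reports specs that are not pinned with ==, pinned specs that carry no --hash (so pip cannot verify what it downloads), and names that shadow a standard-library module. It uses sys.stdlib_module_names where the interpreter provides it (3.10 and later) and a constructed fallback list otherwise; the sample input is the requirements snippet shown on this page.

```python
"""Lint a requirements.txt for unpinned specs and stdlib-shadowing names.
Added example, not part of the skill."""
import re
import sys

# Python 3.10+ ships the authoritative list; older interpreters get a small
# constructed fallback so the check still recognises common cases.
STDLIB = frozenset(getattr(sys, "stdlib_module_names", ())) or frozenset(
    {"pathlib", "os", "sys", "json", "re", "asyncio", "typing", "dataclasses"})

# name, optional [extras], then the rest of the line (version spec, options).
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(.*)$")


def lint_requirements(text):
    """Return (name, issue) pairs for each problem found.

    Issues:
      'stdlib'   the name is a standard-library module, so pip would fetch an
                 unrelated PyPI project of the same name
      'unpinned' no == version, so the installed version drifts over time
      'no-hash'  pinned, but without --hash, so the downloaded artifact is
                 not verified against a reviewed digest
    """
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):   # blank, comment, or pip option (-r, -e)
            continue
        m = REQ_RE.match(line)
        if not m:
            findings.append((line, "unparseable"))
            continue
        name, _extras, spec = m.groups()
        if name.lower().replace("-", "_") in STDLIB:
            findings.append((name, "stdlib"))
        if not re.search(r"==\s*[0-9]", spec):
            findings.append((name, "unpinned"))
        elif "--hash=" not in spec:
            findings.append((name, "no-hash"))
    return findings


if __name__ == "__main__":
    # The skill's own requirements, as quoted on this page.
    sample = "requests>=2.31.0\naiohttp>=3.9.0\npathlib\n"
    for name, issue in lint_requirements(sample):
        print(f"{issue:9} {name}")
```

Run it against the skill's requirements file before installing; a clean result after pinning (for example with pip-compile --generate-hashes, or pip freeze from a reviewed environment plus pip hash) means the environment you reviewed is the one that will be rebuilt.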

What this means

Generated reports, tokens, or exported assets may contain sensitive design information.

Why it was flagged

The skill is designed to retrieve full design-file data for analysis and reporting. This is central to the purpose, but the retrieved context may contain proprietary designs or client material.

Skill content
Get complete JSON representation of any Figma file
Recommendation

Run the skill only on files you intend to analyze/export, store generated outputs securely, and avoid sharing reports or asset packages publicly unless reviewed.