Figma Mobile Cn

Security checks across malware telemetry and agentic risk

Overview

The skill’s Figma-to-code purpose is plausible, but it gives unsafe instructions for collecting and storing a Figma access token and keeps local feedback data without enough safeguards.

Review this skill before installing. Use it only if you are comfortable granting Figma design access and local project access, and do not paste access tokens into chat or store real tokens in a repository .env file. Configure credentials through a secure local secret mechanism, ensure secret files are ignored by version control, and delete or sanitize any feedback logs that may contain proprietary code or design details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
79% confidence
Finding
The skill clearly uses environment variables and remote Figma API access, but does not declare corresponding permissions in a structured, auditable way. This weakens reviewability and can cause users or runtime policy systems to underestimate the skill's ability to access secrets and exfiltrate data over the network.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The advertised purpose is Figma-to-mobile-code generation, but the workflow also instructs local project scanning, feedback-log analysis, multi-link diffing, and SVG export. This broader behavior expands the trust boundary and may induce users to allow access to local source trees and historical logs that are not obviously required by the initial description.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill instructs the agent to ask the user to paste a Figma personal access token directly into chat and then persist it to a local .env file. Collecting secrets through natural-language chat creates unnecessary exposure in conversation history, logs, transcripts, and downstream tooling, and persisting them to project files increases the chance of accidental disclosure or commit.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to write the Figma Personal Access Token into a .env file in the project root and notes that the script reads it automatically, but it never warns that this credential is a sensitive secret that must not be committed to version control or shared repositories. As a result the token is easily committed by mistake, leaked to team members, or captured in CI logs, which in turn gives an attacker access to the Figma design resources.

Missing User Warnings

High
Confidence
99% confidence
Finding
Writing a user-provided personal token into a project .env without any cautionary guidance is unsafe because .env files are often copied, backed up, shared, or committed by mistake. The skill normalizes insecure secret handling and omits even basic safeguards such as gitignore, least privilege, or ephemeral usage.

Ssd 3

High
Confidence
99% confidence
Finding
This is a direct sensitive-credential collection workflow: the user is told to paste a Figma token into chat and save it locally. In the context of an agent skill, that is especially dangerous because secrets may be retained in model context, telemetry, logs, or visible to other tools in the workspace.

Ssd 3

Medium
Confidence
74% confidence
Finding
The feedback logging guidance instructs persistent storage of prior generated content and user-requested changes. While intended for quality improvement, it can capture proprietary UI code, internal project naming, API references, or user-supplied sensitive snippets, creating unnecessary long-term local data retention.

Credential Access

High
Category
Privilege Escalation
Content
## Error handling

- **`FIGMA_TOKEN` not set** (the script prints `FIGMA_TOKEN_NOT_SET`) → do **not** make the user type complex commands themselves. Instead:
  1. Explain that a Figma Personal Access Token is required
  2. Guide them: Figma → avatar → Settings → Security → Personal Access Tokens
  3. Ask the user to paste the token into the conversation (it usually starts with `figd_`)
  4. Write the token into `.env` in the project root: `FIGMA_TOKEN=figd_xxx` (the script reads `.env` automatically)
Confidence
98% confidence
Finding
Access Token

Credential Access

High
Category
Privilege Escalation
Content
- **`FIGMA_TOKEN` not set** (the script prints `FIGMA_TOKEN_NOT_SET`) → do **not** make the user type complex commands themselves. Instead:
  1. Explain that a Figma Personal Access Token is required
  2. Guide them: Figma → avatar → Settings → Security → Personal Access Tokens
  3. Ask the user to paste the token into the conversation (it usually starts with `figd_`)
  4. Write the token into `.env` in the project root: `FIGMA_TOKEN=figd_xxx` (the script reads `.env` automatically)
  5. Run `node src/figma-fetch.js` or `npm run figma-fetch --` again
Confidence
98% confidence
Finding
Access Tokens

VirusTotal

66/66 vendors flagged this skill as clean.