Figma

Security checks across malware telemetry and agentic risk

Overview

This Figma skill is mostly coherent, but its setup instructions include running remote installer scripts directly in a shell.

Use this only if you trust OOMOL with your connected Figma account. Install or update the `oo` CLI yourself from a verified source instead of letting an agent run the remote shell installer, and review every Figma write or delete payload before approving it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The file documents a read-only action (`list_comment_reactions`) as a write action that changes Figma state, which can mislead an agent or operator into applying the wrong safety posture. In an agent skill, inaccurate action semantics are security-relevant because they can cause unnecessary confirmation prompts, policy mismatches, or incorrect trust decisions about what an action does.

External Script Fetching

High

Category: Supply Chain
Content: - **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>): ```bash curl -fsSL https://cli.oomol.com/install.sh | bash # macOS / Linux ``` ```powershell
Confidence: 97% confidence
Finding: curl -fsSL https://cli.oomol.com/install.sh | bash

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal