Security audit

Figma

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Figma connector skill that can read and modify Figma data through an OOMOL account, with no evidence of hidden or malicious behavior.

Install only if you trust OOMOL with access to the Figma account or workspace you connect. Review requested Figma actions carefully, especially comments, dev resources, deletes, and any first-time CLI installation or account-connection step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding:
The action list contains inconsistent safety tagging: some clearly read-oriented actions such as `get_component_set` and `list_comment_reactions` are marked `[write]`, while the Safety section says untagged actions are safe reads and tagged actions require confirmation. This can mislead an agent into unnecessary confirmations for reads or, more importantly, weaken trust in the tagging system so that truly state-changing actions may be mishandled.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding:
The trigger guidance says to use this skill for ANY Figma request and whenever a task involves Figma, which is overly broad and can cause the skill to be invoked for vague mentions or mixed-context tasks. That increases the chance of unintended tool use against a live connected Figma account, including access to sensitive workspace data or accidental write operations if the agent overcommits to this skill.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.