figma-design-analyzer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Figma analysis skill whose main risks are normal for a credentialed design-export tool: protect the Figma token and review generated local outputs.

Install only in a trusted workspace. Keep FIGMA_ACCESS_TOKEN private, avoid committing .env files or shell-profile token changes, use the narrowest practical Figma access, rotate the token if exposed, and only compare local files you intend to include in generated analysis output.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill documentation instructs use of the FIGMA_ACCESS_TOKEN environment variable, which means it relies on sensitive environment-sourced credentials while the finding indicates no explicit permissions are declared. Undeclared access to env-based secrets weakens transparency and consent boundaries, increasing the risk that the skill can access or mishandle credentials without clear user awareness.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 84% confidence
Finding: The documented purpose is narrower than the behavior described in analysis, which includes additional collection and processing such as version history, comment statistics, local file parsing, HTML report generation, and bulk export capabilities. This mismatch is dangerous because users may authorize the skill for one task while it performs broader data access or processing than expected, expanding the attack surface and creating opportunities for unintended data exposure.

Vague Triggers

Medium

Confidence: 76% confidence
Finding: The trigger language is broad enough that the skill could be invoked for loosely related requests without clear limits on what files, nodes, exports, or comparisons it may perform. Over-broad activation criteria can cause unintended execution on sensitive design assets or local implementation files, especially when the skill supports credentialed API access and file analysis.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The documentation asks the user to provide a Figma personal access token but does not clearly label it as a sensitive secret or warn about privacy and misuse risks. This is dangerous because users may expose long-lived credentials without understanding the consequences, enabling unauthorized access to Figma files if the token is leaked, logged, or reused improperly.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal