Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

yyl-test-skill

v1.0.0

Professional Figma design analysis and asset export. Use for extracting design data, exporting assets in multiple formats, auditing accessibility compliance,...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
The name/description (Figma analysis & export) match the code: the scripts call the Figma REST API, export images, run audits, and write local deliverables. However, the registry metadata declares no required environment variables or primary credential, while both SKILL.md and the scripts require a FIGMA_ACCESS_TOKEN; this is an incoherence, and the token requirement should have been declared by the skill.
Instruction Scope
SKILL.md instructions are generally scoped to Figma operations (get-file, export, audit). They explicitly instruct setting FIGMA_ACCESS_TOKEN and running the included Python scripts. The instructions promise 'read-only' access to Figma; the code performs only read operations against the Figma API and writes exported assets locally. There is no evidence in the provided files of instructions to read unrelated host files or exfiltrate data to third-party endpoints outside the Figma API/CDN.
Install Mechanism
This is an instruction-and-code skill with no install spec; it includes a small requirements.txt (requests, aiohttp, pathlib). No remote download/install URLs or archives are used. The install surface is standard for a local Python tool.
Credentials (flagged)
The code and SKILL.md require a Figma access token (FIGMA_ACCESS_TOKEN), but the skill metadata claims no required env vars or primary credential. Requesting a single Figma token is proportionate to the stated purpose, but the missing declaration is a transparency issue. Also note that SKILL.md suggests storing the token in a .env file (convenient, but this increases risk if the repository or environment is shared).
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It writes export files to local output directories (expected for an export tool). Autonomous invocation is allowed by default (normal for skills) but does not combine with other high-risk flags here.
What to consider before installing
Before installing or running this skill:

- Expect to provide a Figma access token (FIGMA_ACCESS_TOKEN). The registry metadata wrongly lists no required env vars—confirm the token requirement with the author.
- Use a least-privilege token: create a Figma token with only the scopes needed for read/export and avoid broad team-level credentials if possible. Revoke the token after use if it's temporary.
- Don't store long-lived tokens in shared .env files or source control. If you must, keep the file out of version control and limit filesystem access.
- Review the included scripts locally (they are present and readable). They call only api.figma.com and the Figma CDN (expected). Search for any hardcoded or unexpected network endpoints before running.
- Run first in an isolated environment (temporary VM or container) so exported files are contained and any unexpected behavior is limited.
- Note the package metadata inconsistencies (missing declared env var, differing ownerId in _meta.json versus registry owner) — if you need higher assurance, ask the publisher for the source repository/homepage and an explanation for the metadata mismatch.

If needed, I can extract the exact places in the code that read FIGMA_ACCESS_TOKEN and list all HTTP endpoints the scripts call.


