Figma Plugin Writer
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent Figma plugin-code writing skill, but its generated patterns can clear a Figma page, so users should run it only on intended or duplicated content.
This skill appears safe for its stated purpose of writing Figma plugin code. Before installing or using it, remember that the generated examples commonly clear the target page and rebuild it; use a test file, duplicate page, or explicitly instruct the agent not to remove existing content.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running generated code on an important Figma page could remove existing design elements from that page.
The skill’s own workflow encourages generated plugin code to remove existing page elements before recreating the design. This is disclosed and aligned with design automation, but it can delete existing Figma content if run on the wrong page.
On each design iteration: 1. Clear old elements: `page.children.slice().forEach(c => c.remove())`
Review the generated code before running it, use a duplicate or dedicated page, and ask the agent to limit deletion to a named frame or selection when preserving existing content matters.