Trusted — Risk Score 5/100
Last scan: 2 days ago
figma-agent
Unified Figma skill for OpenClaw. Reads design context via Figma Remote MCP and routes write/edit/create operations through Claude Code ACP sessions.
Figma Agent is a well-documented, transparent skill that bootstraps Figma MCP tokens by scanning known credential stores. All behavior—network calls, filesystem reads, token refresh, and config writing—is explicitly declared in SKILL.md with zero obfuscation or hidden functionality.
Skill Name: figma-agent
Duration: 62.1s
Engine: pi
Safe to install
Approve for use. No security concerns identified. The credential-scanning behavior is declared, scoped, and serves a legitimate bootstrap purpose.

Findings 4 items

Severity Finding Location
Info
Credential file scanning for token bootstrap
token-scanner.mjs scans three credential stores (~/.claude/.credentials.json, ~/.codex/auth.json, ~/.codeium/windsurf/mcp_config.json) to find Figma MCP tokens. This is legitimate token bootstrapping fully documented in SKILL.md Token management section. Only Figma-specific tokens are extracted and written to OpenClaw config. No exfiltration observed.
const claudePath = join(HOME, '.claude', '.credentials.json');
→ No action needed. Behavior is declared and scoped to Figma tokens only.
scripts/token-scanner.mjs:23
Info
OAuth token refresh via Figma API
bootstrap-token.mjs makes an HTTP POST to api.figma.com/v1/oauth/token for token refresh. This is standard OAuth behavior and, alongside mcp.figma.com/mcp, the only network call to an external service. Both endpoints are declared.
const metaRes = await fetch('https://api.figma.com/v1/oauth/token');
→ No action needed. Standard OAuth token refresh, declared in SKILL.md.
scripts/bootstrap-token.mjs:32
Info
No dependencies
package.json has zero dependencies (dependencies: {}). All functionality uses built-in Node.js APIs (fs, os, path, fetch). No supply chain risk.
"dependencies": {}
→ Excellent dependency hygiene. Maintain this standard.
package.json:1
Info
Config write only to OpenClaw locations
writeToOpenClaw() in bootstrap-token.mjs writes the token only to known OpenClaw config paths (~/.openclaw/openclaw.json or ~/.config/openclaw/openclaw.json). No arbitrary file writes.
config.mcp.servers.figma.headers = { Authorization: `Bearer ${token}` };
→ No action needed. Write scope is constrained to OpenClaw config.
scripts/bootstrap-token.mjs:75
Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | READ | ✓ Aligned | SKILL.md: requires env FIGMA_MCP_TOKEN; token-scanner.mjs:23-89 reads ~/.claude/…
Network | READ | READ | ✓ Aligned | SKILL.md: talks to mcp.figma.com/mcp via Remote MCP; bootstrap-token.mjs:30-52 r…
Shell | NONE | NONE | | No shell invocation found. All scripts are pure Node.js ESM modules with no subp…
Environment | READ | READ | ✓ Aligned | SKILL.md requires env FIGMA_MCP_TOKEN; figma-mcp-cli.mjs reads FIGMA_MCP_TOKEN f…
Skill Invoke | ADMIN | ADMIN | ✓ Aligned | SKILL.md declares full Figma read/write capabilities; write path routes through …
Clipboard | NONE | NONE | | No clipboard access found
Browser | NONE | NONE | | No browser access; generate_figma_design HTML capture limitation documented in S…
Database | NONE | NONE | | No database access found
13 findings
Medium · External URL · https://keepachangelog.com/ · CHANGELOG.md:5
Medium · External URL · https://semver.org/ · CHANGELOG.md:5
Medium · External URL · https://mcp.figma.com/mcp · README.md:5
Medium · External URL · https://img.shields.io/badge/License-MIT-green.svg · README.md:9
Medium · External URL · https://img.shields.io/badge/version-v0.1.0-blue.svg · README.md:10
Medium · External URL · https://clawhub.ai · README.md:11
Medium · External URL · https://img.shields.io/badge/ClawHub-skill-purple.svg · README.md:11
Medium · External URL · https://nodejs.org · README.md:57
Medium · External URL · https://help.figma.com/hc/en-us/articles/32132100833559 · README.md:58
Medium · External URL · https://developers.figma.com/docs/figma-mcp-server/write-to-canvas/ · README.md:168
Medium · External URL · https://api.figma.com/v1/oauth/token · scripts/bootstrap-token.mjs:32
Medium · External URL · https://figma.com/mcp · scripts/figma-mcp.mjs:179
Info · Email address · [email protected] · package.json:6

File Tree

9 files · 34.4 KB · 946 lines
Markdown: 4 files · 477 lines | JavaScript: 4 files · 451 lines | JSON: 1 file · 18 lines
├─ 📁 references
│ └─ 📝 figma-api.md Markdown 35L · 1.2 KB
├─ 📁 scripts
│ ├─ 🔑 bootstrap-token.mjs JavaScript 137L · 4.4 KB
│ ├─ 📜 figma-mcp-cli.mjs JavaScript 28L · 925 B
│ ├─ 📜 figma-mcp.mjs JavaScript 196L · 6.9 KB
│ └─ 🔑 token-scanner.mjs JavaScript 90L · 2.8 KB
├─ 📝 CHANGELOG.md Markdown 15L · 1.1 KB
├─ 📋 package.json JSON 18L · 396 B
├─ 📝 README.md Markdown 203L · 7.5 KB
└─ 📝 SKILL.md Markdown 224L · 9.2 KB

Dependencies 1 items

Package | Version | Source | Known Vulns | Notes
(none) | N/A | npm | No | No dependencies declared in package.json — uses only built-in Node.js modules (fs, os, path, fetch)

Security Positives

✓ Zero dependencies — no supply chain risk
✓ All filesystem reads are explicitly declared in SKILL.md under Token management
✓ All network calls go to known Figma API endpoints (api.figma.com, mcp.figma.com)
✓ No obfuscation, base64, eval, or dynamic code execution
✓ No shell execution, subprocess, or remote script execution
✓ Token scanning is scope-limited to Figma tokens only (key includes 'figma' check)
✓ writeWithCheckpoint() safety pattern documented for write operations
✓ DRY_RUN flag provides safe preview before writes
✓ Clean separation: token-scanner.mjs handles file I/O, bootstrap-token.mjs handles network
✓ No hidden instructions in HTML comments or string literals
✓ AllowedTools mapping: Read→filesystem:READ, WebFetch→network:READ — matches inferred usage