Low
github · 93 files analyzed
GLips/Figma-Context-MCP
Minor capabilities, nothing alarming.
Outbound network 3
Environment variables (config / keys) 9
Filesystem writes 1
Shell / command execution 2
AI review
This is a legitimate Figma MCP server with no hidden instructions or data exfiltration mechanisms. The code uses standard environment variable access for configuration and telemetry opt-out, and the only command execution is in test files and a hidden-char scanner utility that operates on local files.
- low Legitimate environment variable usage — The code accesses environment variables like NPM_PACKAGE_VERSION, FRAMELINK_TELEMETRY, and proxy settings for standard configuration purposes. No secrets or credentials are being read and exfiltrated.
- low Command execution in test files — execSync and spawn are used in test files (scan-hidden-chars.mjs, server.test.ts) for legitimate testing purposes, not for malicious command injection.
- low No hidden instructions or prompt injection — The .claude/commands/release.md contains legitimate release workflow instructions. No deceptive tool descriptions or hidden prompts were found.
Model: deepseek-chat
Static findings
Shell / command execution · Executes shell / system commands
medium
scripts/scan-hidden-chars.mjs:18
import { execSync } from "node:child_process";
info
src/tests/server.test.ts:6
import { spawn, type ChildProcess } from "child_process";
Environment variables (config / keys) · Reads environment variables (config / API keys)
low
src/bin.ts:10
version: process.env.NPM_PACKAGE_VERSION ?? "unknown",
low
src/config.ts:50
return process.env[name] || undefined;
low
src/mcp/index.ts:17
version: process.env.NPM_PACKAGE_VERSION ?? "unknown",
low
src/telemetry/client.ts:83
if (process.env.FRAMELINK_TELEMETRY === "off") return false;
info
src/tests/integration.test.ts:11
const describeOrSkip = process.env.RUN_FIGMA_INTEGRATION === "1" ? describe : describe.skip;
info
src/tests/stdio.test.ts:36
env: { ...process.env, NODE_ENV: "cli" },
low
src/utils/logger.ts:21
if (process.env.NODE_ENV !== "development") return;
low
src/utils/proxy-env.ts:17
return PROXY_ENV_VARS.some((n) => process.env[n] || process.env[n.toLowerCase()]);
low
tsup.config.ts:3
const isDev = process.env.npm_lifecycle_event === "dev";
Outbound network · Makes outbound network requests
info
src/services/get-figma-data-metrics.ts:43
/** Wall-clock ms spent on the Figma API fetch (network + parse). */
low
src/utils/common.ts:33
const response = await fetch(imageUrl, {
low
src/utils/fetch-json.ts:65
const response = await fetch(url, fetchOptions);
Filesystem writes · Reads or writes the filesystem
low
src/utils/common.ts:66
fs.unlink(fullPath, () => {});
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.