Medium
github · 92 files analyzed
GLips/Figma-Context-MCP
Powerful capabilities — review before trusting.
Outbound network 3
Environment variables (config / keys) 9
Filesystem writes 1
Shell / command execution 2
AI review
This is a legitimate Figma MCP server with no deceptive or malicious behavior. The flagged items are standard Node.js patterns for environment variable access, child process execution in tests, and network calls to the Figma API—all expected for this extension's stated purpose. No hidden instructions, prompt injection vectors, or data exfiltration mechanisms were found.
- low Standard environment variable usage — The code accesses process.env for configuration (API keys, telemetry opt-out, version info) and test flags. This is expected behavior for a configurable MCP server and does not exfiltrate secrets.
- low Child process usage in tests only — execSync and spawn are used exclusively in test files (scan-hidden-chars.mjs, server.test.ts, stdio.test.ts) for testing purposes, not for arbitrary command execution from user input.
- low Network calls to Figma API — All fetch calls target the Figma API (get-figma-data-metrics.ts, fetch-json.ts, common.ts) as required for the server's stated purpose of fetching Figma design data.
- low No hidden instructions or prompt injection — The CLAUDE.md and release instructions contain only legitimate development workflow documentation. No attempts to manipulate the AI agent or exfiltrate data were found.
Model: deepseek-chat
Static findings
Shell / command execution · Executes shell / system commands
- medium · scripts/scan-hidden-chars.mjs:18 · import { execSync } from "node:child_process";
- info · src/tests/server.test.ts:6 · import { spawn, type ChildProcess } from "child_process";
Environment variables (config / keys) · Reads environment variables (config / API keys)
- low · src/bin.ts:10 · version: process.env.NPM_PACKAGE_VERSION ?? "unknown",
- low · src/config.ts:50 · return process.env[name] || undefined;
- low · src/mcp/index.ts:17 · version: process.env.NPM_PACKAGE_VERSION ?? "unknown",
- low · src/telemetry/client.ts:83 · if (process.env.FRAMELINK_TELEMETRY === "off") return false;
- info · src/tests/integration.test.ts:11 · const describeOrSkip = process.env.RUN_FIGMA_INTEGRATION === "1" ? describe : describe.skip;
- info · src/tests/stdio.test.ts:36 · env: { ...process.env, NODE_ENV: "cli" },
- low · src/utils/logger.ts:21 · if (process.env.NODE_ENV !== "development") return;
- low · src/utils/proxy-env.ts:17 · return PROXY_ENV_VARS.some((n) => process.env[n] || process.env[n.toLowerCase()]);
- low · tsup.config.ts:3 · const isDev = process.env.npm_lifecycle_event === "dev";
Outbound network · Makes outbound network requests
- info · src/services/get-figma-data-metrics.ts:43 · /** Wall-clock ms spent on the Figma API fetch (network + parse). */
- low · src/utils/common.ts:33 · const response = await fetch(imageUrl, {
- low · src/utils/fetch-json.ts:65 · const response = await fetch(url, fetchOptions);
Filesystem writes · Reads or writes the filesystem
- low · src/utils/common.ts:66 · fs.unlink(fullPath, () => {});
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.