Security audit

Figma to Mobile

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate Figma-to-mobile-code skill, but it can optionally scan broad local app project contents without a clear user-consent boundary.

Install only if you are comfortable giving the skill a Figma personal access token and allowing it to inspect local mobile project resources for better code generation. Before running project_scan.py, specify the intended project and module, review the generated scan report, and avoid using it on repositories containing unrelated private strings or assets unless that indexing is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Description-Behavior Mismatch

Medium

Confidence: 89% confidence
Finding: The design document materially expands the skill from converting a Figma link into generated mobile UI code into scanning local project modules and modifying project resources. That broader capability increases data exposure and write scope beyond the user-facing description, creating a permission and expectation mismatch that could lead an agent to inspect unrelated files or alter an existing app in ways the user did not explicitly request.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: Project-wide or dependency-module scanning is not necessary for basic Figma-to-code generation and can expose source structure, resources, strings, styles, and custom components unrelated to the requested design conversion. In an agent setting, this broadens the reachable local context and increases the chance of over-collection, privacy leakage, or unintended coupling to internal project artifacts.

Description-Behavior Mismatch

Medium

Confidence: 87% confidence
Finding: Creating new resources inside an existing app module goes beyond passive code generation and turns the skill into a project-modifying tool. Without explicit consent and bounded write targets, an agent could introduce files into the wrong module, overwrite conventions, or make persistent changes that are unexpected from a skill advertised as producing code files from Figma designs.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.