registry  /  @layoutdesign/context  /  0.16.0

@layoutdesign/context@0.16.0

Design system context for AI coding agents — MCP server + CLI + live preview

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No install-time or import-time attack surface is established. Explicit `install` configures the package's own MCP server in selected AI tools; explicit Figma capture emits browser-side remote script loading for the package-aligned Figma workflow.

Static reason
No blocking static signals were detected.
Trigger
User runs `layout-context install`, invokes MCP `push-to-figma`, or uses `scan --sync`.
Impact
Can alter selected AI-tool/project configuration and, on explicit commands, send design scan metadata or load the Figma capture helper.
Mechanism
User-invoked MCP setup, project tooling, and optional remote design-service integration.
Rationale
Source inspection supports a benign design-system CLI/MCP package with explicit integration capabilities. The remote script and configuration writes are relevant but package-aligned and user-invoked, so they do not establish malicious behavior.
Evidence
package.jsondist/bin/cli.jsdist/src/index.jsdist/src/cli/install.jsdist/src/update-check.jsdist/src/cli/scan.jsdist/src/mcp/tools/push-to-figma.jsdist/src/plugins/next/swc.jsdist/src/cli/setup-utils.jsdist/src/install/live.jsdist/src/cli/add.jsdist/src/cli/fetch-kit.jsdist/src/cli/import-zip.js
Network endpoints4
registry.npmjs.org/@layoutdesign/context/latestlayout.designui.staging.layout.design/rmcp.figma.com/mcp/html-to-design/capture.js

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `dist/src/cli/install.js` explicitly configures MCP entries for Claude, Cursor, Windsurf, VS Code, Codex, and Gemini.
  • `dist/src/mcp/tools/push-to-figma.js` emits browser JS that fetches and executes `https://mcp.figma.com/mcp/html-to-design/capture.js`.
  • `dist/src/cli/scan.js` sends scan metadata only when the user passes `--sync`; optional `LAYOUT_API_KEY` is used as authorization.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
  • `dist/src/index.js` only re-exports library functions; no import-time side effect was found.
  • MCP configuration and project writes are reached only through explicit CLI/MCP commands; `--global` is an explicit install option.
  • `dist/src/update-check.js` makes a bounded, fail-silent npm version lookup and stores only a temp-file cache.
  • WASM assets are selected as local SWC plugin files by `dist/src/plugins/next/swc.js`; no remote payload loader was found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 67 file(s), 356 KB of source, external domains: cdn.tailwindcss.com, docs.anthropic.com, layout.design, mcp.figma.com, nodejs.org, registry.npmjs.org, ui.staging.layout.design, unpkg.com, www.figma.com

Source & flagged code

2 flagged · loading source
dist/bin/cli.jsView file
20import { notifyIfUpdate } from "../src/update-check.js"; L21: const require = createRequire(import.meta.url); L22: const pkg = require("../../package.json");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/bin/cli.jsView on unpkg · L20
assets/layout-swc-plugin-57.wasmView file
path = assets/layout-swc-plugin-57.wasm kind = wasm_module sizeBytes = 848042 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

assets/layout-swc-plugin-57.wasmView on unpkg

Findings

5 Medium4 Low
MediumDynamic Requiredist/bin/cli.js
MediumNetwork
MediumEnvironment Vars
MediumShips Wasm Moduleassets/layout-swc-plugin-57.wasm
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings