AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time behavior was found. The main unresolved risk is explicit setup of package-owned Codex/Claude skills and a browser extension that rewrites Figma scripts for the tool's Figma workflow.
Decision evidence
public snapshot- dist/cli.js setup command copies bundled skills into ~/.codex/skills and ~/.claude/skills after explicit user invocation
- dist/cli.js can spawn pnpm exec playwright install chromium from setup
- dist/extension/chrome-mv3 redirects Figma scripts to extension code and executes rewritten Figma script content with Function()
- dist/cli.js reads Figma storage-state cookies and calls https://www.figma.com/api/user/state for auth checks
- package.json has no preinstall/install/postinstall lifecycle hooks
- Agent skill installation is under explicit figma-claw setup, not install-time execution
- Network use is aligned with Figma CLI/auth/browser automation functionality
- Figma email/password options are used to fill Figma login in a headed browser and then persist Playwright storage state
- No evidence of credential exfiltration to non-Figma endpoints or remote payload download
Source & flagged code
4 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L10Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli.jsView on unpkg · L1