figma-mcp-server
Verified Safe
by GSNadarajan
Overview
Provides a Model Context Protocol (MCP) server to expose Figma design tools to Claude Desktop for design-to-code workflows.
Installation
uvicorn main:app --reload --port 8002
Environment Variables
- FIGMA_ACCESS_TOKEN
Security Notes
The server uses `CORSMiddleware` with `allow_origins=["*"]`, which permits requests from any origin. While common for specific integrations, it can be overly permissive for general web services. Additionally, the `/save-code` endpoint allows writing arbitrary HTML, CSS, and JavaScript strings to the server's filesystem. If this endpoint is publicly exposed without robust authentication and authorization, it could be exploited to store malicious files (e.g., web shells, spam), consume disk space, or potentially lead to other vulnerabilities if the saved files are later served or processed by other systems.
Similar Servers
octocode
An intelligent code indexer and semantic search engine that builds knowledge graphs of codebases, providing AI-powered assistance for development tasks like natural language search, smart commits, and code reviews, with local-first and multi-language support.
mcp-server
Unable to determine a specific use case due to the absence of source code for analysis. Implies a server component for an unspecified application.
mcp-fileop
A stateful MCP server for efficient, memory-mapped file operations, designed for VS Code integration, CLI tools, and web applications requiring streaming and progress updates.
mcp-server
A personal expense tracker with tools to add, list, delete, and summarize expenses, providing an API for financial management.