figma-mcp-write-server
by oO
Overview
Enables AI agents to programmatically create, modify, and manage design elements and properties within Figma via the Model Context Protocol (MCP).
Installation
node dist/index.js
Security Notes
The server sets `corsOrigin: '*'` on its WebSocket connection, which allows cross-origin requests from any domain and is a major security vulnerability if the server is exposed beyond localhost. The setting is intended for local client-plugin communication, but it should ideally be restricted to known origins or 'localhost'. The server also runs shell commands through `child_process.exec` (e.g., `lsof`, `ps`, `kill -9`) for port management and zombie process cleanup; this is justified in context but introduces a reliance on shell execution. Finally, the image and export handlers read from and write to the local filesystem (e.g., `outputDirectory`, `source` paths) using `path.resolve`, with no explicit sanitization against directory traversal (e.g., `../../../etc/passwd`), so a malicious input path could lead to arbitrary filesystem access or manipulation.
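The missing traversal check described above, sketched as an added example (not code from figma-mcp-write-server): `path.resolve` only normalizes a path, so the result still has to be compared against an allowed base directory. The helper name `resolveInside`, the base directory `/srv/figma-exports` and the sample inputs are assumptions constructed for illustration.

```javascript
const path = require('node:path');

// Hypothetical helper (not from the project): resolve a caller-supplied path
// against baseDir and return it only if the result stays inside baseDir.
// Returns null for anything that escapes, so callers must handle rejection.
function resolveInside(baseDir, userPath) {
  if (typeof userPath !== 'string' || userPath === '' || userPath.includes('\0')) {
    return null;
  }
  const base = path.resolve(baseDir);
  const target = path.resolve(base, userPath); // normalizes '..', honors absolute input
  const rel = path.relative(base, target);
  const escapes =
    rel === '' ||                       // the base directory itself, not a file in it
    rel === '..' ||
    rel.startsWith('..' + path.sep) ||  // climbed above base
    path.isAbsolute(rel);               // different root or drive (Windows)
  return escapes ? null : target;
}

// Constructed sample inputs; BASE is an assumed export directory.
const BASE = '/srv/figma-exports';
const SAMPLES = [
  'icons/logo.png',
  'icons/../logo.png',
  '../../../etc/passwd',
  '/etc/passwd',
  '../figma-exports-evil/x.png', // defeats a naive startsWith(BASE) check
];

// Report which sample inputs the check would accept.
function classify(samples) {
  return samples.map((p) => ({ input: p, allowed: resolveInside(BASE, p) !== null }));
}

// This check is lexical only: path.resolve does not follow symlinks, so a
// deployment that allows symlinks under BASE would also compare fs.realpath results.
console.table(classify(SAMPLES));
```
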
Similar Servers
f2c-mcp
A Model Context Protocol server for Figma Design to Code, enabling AI tools to convert Figma designs into production-ready frontend code.
figma-console-mcp
Provides AI assistants with real-time console access, visual debugging, design system extraction, and design creation capabilities for Figma.
figma-mcp-server
Enables AI agents to read from and modify Figma design documents programmatically, offering capabilities beyond the official read-only Figma MCP server.
mock-mcp
Facilitates AI-generated mock data for testing web applications by bridging test runners with Model Context Protocol (MCP) clients.