penpot-mcp
by penpot
Overview
The Penpot MCP server enables LLMs to perform data queries, transformation, and creation operations on Penpot design files by allowing LLMs to execute JavaScript code via a Penpot plugin.
Installation
npm run bootstrapEnvironment Variables
- PENPOT_MCP_SERVER_LISTEN_ADDRESS
- PENPOT_MCP_SERVER_PORT
- PENPOT_MCP_WEBSOCKET_PORT
- PENPOT_MCP_REPL_PORT
- PENPOT_MCP_SERVER_ADDRESS
- PENPOT_MCP_REMOTE_MODE
- PENPOT_MCP_LOG_LEVEL
- PENPOT_MCP_LOG_DIR
- PENPOT_MCP_PLUGIN_SERVER_LISTEN_ADDRESS
- MULTI_USER_MODE
Security Notes
CRITICAL: The `execute_code` tool allows arbitrary JavaScript code execution directly within the Penpot plugin's context (`new Function(...)` is used). If an attacker gains control of the MCP server or the LLM client, they could execute malicious code within the user's Penpot session, potentially manipulating design files or exfiltrating data. File system access for `import_image` and `export_shape` tools is enabled by default in single-user (local) mode, allowing local file read/write, which is risky. Multi-user mode currently uses a hardcoded 'dummyToken' for authentication, making it insecure for shared deployments.
Similar Servers
boilerplate-mcp-server
Provides a production-ready foundation for developing custom Model Context Protocol (MCP) servers in TypeScript to connect AI assistants with external APIs and data sources, exemplified by an IP geolocation tool.
mcp
An MCP server providing a set of mathematical tools (calculator functions) for remote execution via the Model Context Protocol.
mcp-agent-kit
Simplifies the creation and management of AI agents, chatbots, and Model Context Protocol (MCP) servers with various LLM providers.
MCP-para-todo
An educational MCP server that connects language models with external tools in real-time, focusing on providing real-world context and extending LLM capabilities.