← Back to Skills Marketplace
rasimme

Figma Agent

by Simeon · GitHub ↗ · v0.3.0 · MIT-0
cross-platform ⚠ suspicious
187
Downloads
0
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install figma-agent
Description
Figma MCP integration for OpenClaw. Use when the user wants to read Figma designs, inspect design tokens/variables, work with Code Connect, or create/edit Fi...
README (SKILL.md)

Figma Agent

Figma Remote MCP integration for OpenClaw. Reads designs via figma__* tools; creates and edits via CC sessions using mcp__figma__* tools.

Route First

Read/Inspect → call figma__* tools directly. No CC session needed.
Write/Create/Edit → requires CC session via mcp__figma__* tools.

Seeing or understanding a design? → Direct. Do not start a session.
Changing or creating something? → Start a CC session. Follow the matching playbook below.

Execution model:

  1. Route & Brief — choose the workflow, identify the real risks, and write a lean execution brief
  2. Execute — perform the direct read or CC-based write flow
  3. Done Gate — do not report success until the applicable structural and visual validation checks pass

Workflow Routing

First: Determine the user's intent, then follow the matching path.

This is an abridged routing summary. For the full matrix and decision logic, see references/workflow-selection.md.

→ Full routing matrix: references/workflow-selection.md

Intent Path Route
Build a production screen Native Screen Generation CC
Create next step / state variant from an existing screen Native Screen Generation CC
Prototype from HTML/URL HTML-to-Figma Prototyping CC
Read-only inspection get_design_context / get_screenshot Direct
Review + Edit a screen Screen Review Loop CC
Apply design tokens Color Tokenization CC
Import + clean up Stitch export Stitch Import Cleanup CC
Discover variables/styles Variable Discovery Direct
Audit design system Design System Cleanup CC
Inspect finished design Design Audit Review Direct

Image Delivery (MANDATORY after every write)

Screenshots must reach the user as Telegram photo attachments — not as inline base64 text.

Workflow:

  1. Save to file — use --out \x3Cpath> flag so the PNG is written directly:

    node scripts/figma-mcp-cli.mjs get_screenshot \
  fileKey=\x3CfileKey> nodeId=\x3CnodeId> scale=2 \
  --out ~/workspace-dev-botti/screenshots/\x3Cname>.png

  2. Deliver to user — put MEDIA:\x3Cpath> on its own line in your reply:

    Hier ist der aktuelle Stand:
MEDIA:screenshots/validate.png

    OpenClaw extracts every MEDIA: line and sends the file as a native Telegram photo. The path is workspace-relative (screenshots/...) or absolute.

Two different tools — don't mix them up:

Tool Purpose Used for Image Delivery?
image tool Send to Vision model for analysis ❌ No — analysis only
MEDIA:\x3Cpath> in reply text Send as Telegram attachment ✅ Yes — actual delivery

Why --out? Without it, the Figma API returns base64-encoded JSON → renders as inline text in Telegram, not a photo. The --out flag decodes and writes a real PNG file that MEDIA: sends as an attachment.

Screenshot directory: ~/workspace-dev-botti/screenshots/ (create if missing)

Validation pattern (every write operation):

# After use_figma call — save screenshot → MEDIA: in reply
node scripts/figma-mcp-cli.mjs get_screenshot fileKey=\x3Ckey> nodeId=\x3Cid> scale=2 \
  --out ~/workspace-dev-botti/screenshots/validate.png
# Reply with:
# MEDIA:screenshots/validate.png

Stitch comparison: Stitch delivers via MEDIA:\x3CscreenshotUrl> (HTTP URL). Figma delivers via MEDIA:\x3Clocal-path> (file). Mechanism identical — only the source differs.

Hard Rules (Top 6)

These are non-negotiable. Full rule set: references/core-rules.md

  1. Validate after every writeget_screenshot or get_metadata after each use_figma call. Never assume success.
  2. Read → Understand → Fix → Retry — never blindly retry failed code, never rebuild as first response.
  3. Explicit over implicit — name exact variables, components, layout modes. Leave nothing to inference.
  4. Design-system-first — check local variables, styles, Code Connect, then libraries before creating anything raw.
  5. Component-instance-first — if a suitable existing design-system component exists, instantiate it instead of recreating it with local frames.
  6. Section-by-section — one logical section per use_figma call, validate between sections.

Known Gotchas

Before writing any use_figma code, know these failure modes:

→ Full reference: references/plugin-api-gotchas.md

  • Paint binding: setBoundVariableForPaint returns a new paint — reassign the fills/strokes array (#paint-binding)
  • Opacity reset: Paint binding resets opacity to 1.0 — save and restore explicitly (#opacity)
  • Page context: Always set page explicitly — figma.currentPage may reset between calls (#page-context)
  • FILL sizing: appendChild to auto-layout parent before setting layoutSizingHorizontal: "FILL" (#append-before-fill)
  • Async: Always await async operations — loadFontAsync, importComponentByKeyAsync, etc. (#promises)

Prompting Guidance

→ Full patterns: references/prompting-patterns.md

Key patterns: variable-first code structure, section-by-section execution, explicit design-system usage, validation loops, error recovery framing.

Install / Setup

If dependencies are missing, install them from the skill repo root:

npm install

Then run one-time bootstrap:

Setup (One-Time Bootstrap)

node ~/.openclaw/skills/figma-agent/scripts/auth.mjs

Reads CC OAuth token from ~/.claude/.credentials.json, writes it into ~/.openclaw/openclaw.json. Then restart the OpenClaw gateway.

Token check: node ~/.openclaw/skills/figma-agent/scripts/auth.mjs --check

On 401 errors: Open CC → use any Figma tool (auto-refreshes token) → re-run bootstrap script.

URL Parsing

figma.com/design/:fileKey/:name?node-id=:nodeId

Convert - to : in nodeId (e.g. 123-456123:456). For FigJam: figma.com/board/:fileKey/:name → use get_figjam.

Tool & Rate-Limit Reference

references/figma-api.md

Usage Guidance
Before installing or running this skill: - Do not run scripts/bootstrap-token.mjs or token-scanner.mjs until you inspect their source. They claim to locate and copy tokens from other MCP clients and to write them into your OpenClaw config — this reads local credential stores and modifies agent config. - Open the two scripts (bootstrap-token.mjs, token-scanner.mjs) and verify exactly which files/paths they read, whether they transmit tokens off-host, and what they write to ~/.openclaw/openclaw.json. Look for network calls, unexpected remote endpoints, or uploads. - If you only want to use the skill, prefer manual token provisioning: create the Figma MCP token yourself and add the mcp.servers.figma entry to your OpenClaw config manually instead of running an automated scanner. - Run the bootstrap step in an isolated environment (throwaway account or container) if you must use it, and monitor outbound network connections during execution. - Ask the publisher for an explicit list of file paths and credential stores the bootstrap script touches and for assurance (or a signature) that tokens are not exfiltrated. What would change this assessment: if the bootstrap/token-scanner scripts are limited to reading only a documented, minimal set of user-managed files (and perform no external uploads), if the skill explicitly documents and requests the config path permissions, and if the code is audited/verified to only transform local tokens into OpenClaw config without sending them elsewhere, the concern would be reduced.
Capability Analysis
Type: OpenClaw Skill Name: figma-agent Version: 0.3.0 The skill includes a 'bootstrap' mechanism (scripts/token-scanner.mjs and scripts/bootstrap-token.mjs) that scans local configuration directories of other applications, such as Claude Code (~/.claude), Codex (~/.codex), and Windsurf (~/.codeium), to extract and reuse Figma OAuth tokens. While this behavior is documented in SKILL.md as a setup convenience for the user, programmatically accessing and migrating credentials from third-party applications is a high-risk activity. There is no evidence of data exfiltration to non-Figma endpoints, as the scripts only communicate with api.figma.com and mcp.figma.com, but the capability to harvest secrets from the filesystem warrants a suspicious classification.
Capability Tags
cryptorequires-oauth-token
Capability Assessment
Purpose & Capability
The skill's declared purpose is Figma MCP integration (read/write design operations). Requiring Node and providing Figma tooling is coherent. However the repo and changelog describe a 'bootstrap' that scans other MCP client credential stores (Claude Code, Codex, Windsurf) and refreshes/writes Bearer tokens into OpenClaw config. Accessing other clients' credential stores and performing cross-client token extraction/refresh is not implied by the skill description and is not declared in requires.env or required config paths.
Instruction Scope
SKILL.md and README instruct maintainers/users to run scripts/bootstrap-token.mjs to extract/refresh tokens and to write to ~/.openclaw/openclaw.json and to restart the OpenClaw gateway. Those runtime instructions cause the agent (or the operator) to run code that reads local credential stores and modifies agent configuration — actions outside simple Figma read/write flows. The README also requires saving screenshots to user home/workspace paths (normal) but the token bootstrap step expands the scope to accessing local secrets/config files.
Install Mechanism
No remote downloads or installers are specified (no install spec), which reduces supply-chain risk. The package ships four scripts (bootstrap-token.mjs, token-scanner.mjs, figma-mcp*.mjs) that will run under Node. Because these scripts are bundled with the skill, the code will be executed locally if followed — review these files before executing. There are no external install URLs or archive extracts.
Credentials
The registry metadata declares no required env vars or primary credential, yet the skill expects a Figma MCP token and the bootstrap script is documented to scan other clients' credential stores and refresh tokens. Requesting the ability to read other tooling's credential stores and to write tokens into OpenClaw config is a high-privilege action that is not justified or declared in the skill metadata.
Persistence & Privilege
The skill does not set always:true and is user-invocable by default. README instructs modifying OpenClaw config (~/.openclaw/openclaw.json) and restarting the gateway to add the mcp.servers.figma entry. Writing its own configuration entry is reasonable for setup, but combined with the bootstrap behavior (scanning and copying tokens from other clients) it escalates privilege since it gains access to other clients' credentials and stores tokens in agent config. That write/replace behavior should be explicitly documented and audited.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install figma-agent
  3. After installation, invoke the skill by name or use /figma-agent
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.0
Version 0.3.0 - Added an explicit "Execution model" section outlining Route & Brief, Execute, and Done Gate validation steps in the main skill documentation. - Emphasized that the Done Gate requires both structural and visual validation checks before reporting success. - Updated and clarified the workflow routing and usage recommendations. - Documentation improvements across referenced markdown files for playbooks and prompting patterns. - No functional or API-breaking changes—documentation and process clarification only.
v0.2.0
Workflow-driven Figma skill update: refreshed README, stronger routing and prompting guidance, copy-edit/state-variant docs, and improved image delivery documentation.
v0.1.2
- Unified architecture now clearly differentiates direct Figma reads from ACP coding session writes/edits. - Expanded documentation for setup, routing rules, capability groups, and review loop best practices. - Introduced explicit transparency rules: users are informed when operations require the heavier ACP write path. - Improved write safety: every write operation triggers a version-history checkpoint for easy rollback. - Enhanced error handling for authentication failures and rate limits, with clear user messaging. - Updated token management instructions and clarified token sourcing priorities.
v0.1.1
- Updated references from "Claude Code ACP sessions" to "ACP coding sessions" to support a wider range of coding agents (Claude Code, Codex, or others). - Clarified that write/edit/create operations are routed through any supported ACP coding agent instead of only Claude Code. - Improved documentation to reflect this broader agent support in usage guidelines and user-facing messaging. - No functional changes to APIs or environment requirements.
v0.1.0
Initial unified release of figma-agent with hybrid architecture for Figma read and write operations. - Combines direct Figma MCP reads with write/edit/create operations routed via Claude Code ACP, providing a seamless user experience. - Supports inspection, screen/context analysis, targeted edits, screenshot retrieval, and review loops. - Read operations use the Figma MCP for quick access; write operations leverage Claude Code with explicit user notification and version checkpointing. - Outlines routing heuristics, review loop flow, token management, and clear user messaging for auth failures and rate limits. - Details capabilities and limitations based on Figma's official Remote MCP support.
Metadata
Slug figma-agent
Version 0.3.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 5
Frequently Asked Questions

What is Figma Agent?

Figma MCP integration for OpenClaw. Use when the user wants to read Figma designs, inspect design tokens/variables, work with Code Connect, or create/edit Fi... It is an AI Agent Skill for Claude Code / OpenClaw, with 187 downloads so far.

How do I install Figma Agent?

Run "/install figma-agent" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Figma Agent free?

Yes, Figma Agent is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Figma Agent support?

Figma Agent is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Figma Agent?

It is built and maintained by Simeon (@rasimme); the current version is v0.3.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments