← 返回 Skills 市场
1495
总下载
0
收藏
4
当前安装
5
版本数
在 OpenClaw 中安装
/install kai-tw-figma
功能描述
Interact with Figma files to read structure, export layers as images, and retrieve comments using the Figma REST API with authentication.
使用说明 (SKILL.md)
Figma Skill
This skill allows the agent to interact with Figma files via the REST API.
Setup
Requires a Figma Personal Access Token (PAT).
Environment Variable: FIGMA_TOKEN
Procedures
1. Read File Structure
To understand the contents of a Figma file (pages, frames, layers):
python scripts/figma_tool.py get-file \x3Cfile_key>
2. Export Images
To export specific layers/components as images:
python scripts/figma_tool.py export \x3Cfile_key> --ids \x3Cid1>,\x3Cid2> --format \x3Cpng|jpg|svg|pdf> --scale \x3C1|2|3|4>
3. Check Comments
To list recent comments on a file:
python scripts/figma_tool.py get-comments \x3Cfile_key>
References
安全使用建议
This skill appears to do what it claims, but take normal precautions: only install from trusted sources; supply a Figma PAT with the minimum required scope and rotate it if you stop using the skill; run exports in a safe/isolated working directory (the tool writes files to CWD); be aware the script will download image URLs returned by the Figma API (so inspect logs or filenames if you worry about unexpected hosts); and review the included script before use if you want to verify there are no changes beyond read-only API calls.
功能分析
Type: OpenClaw Skill
Name: kai-tw-figma
Version: 1.0.3
The OpenClaw AgentSkill for Figma is classified as benign. The skill's code (`scripts/figma_tool.py`) and documentation (`SKILL.md`, `README.md`) clearly outline its purpose: interacting with the Figma REST API to read file structures, retrieve comments, and export assets. It uses `argparse` for robust command-line argument parsing, mitigating direct shell injection vulnerabilities from user input. The `FIGMA_TOKEN` is handled securely via environment variables, and all network communication is directed to the official Figma API. The `README.md` explicitly addresses security concerns and clarifies that the skill only performs read-only operations on Figma files and does not interact with unrelated system files or arbitrary endpoints. There is no evidence of intentional data exfiltration, persistence mechanisms, or malicious prompt injection attempts against the agent.
能力评估
Purpose & Capability
Name/description match the actual functionality. The only required environment variable is FIGMA_TOKEN, which is exactly what a Figma API client needs. The scripts expose read-only endpoints (file, comments, team/project listing) and image export — all aligned with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run the included CLI script and only references the FIGMA_TOKEN. The script makes HTTP requests to api.figma.com and downloads image URLs returned by the Figma images endpoint. The skill writes exported image files to the current working directory (documented in README). There are no instructions to read unrelated local files or send data to unexpected external endpoints.
Install Mechanism
No install specification is provided (instruction-only skill with included Python script). Nothing is downloaded or installed automatically; no external archives or third-party packages are pulled by an installer.
Credentials
Only FIGMA_TOKEN is required. That single credential is proportional to a Figma API client. The README appropriately flags FIGMA_TOKEN as sensitive. The code only reads that env var and does not request other credentials.
Persistence & Privilege
always is false and the skill does not request persistence or modify other skills or system settings. It can be invoked autonomously per platform defaults, which is expected for a tool-like skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install kai-tw-figma - 安装完成后,直接呼叫该 Skill 的名称或使用
/kai-tw-figma触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
Fix: Declare FIGMA_TOKEN as required environment variable using proper metadata.openclaw.requires.env structure - resolves registry metadata inconsistency
v1.0.2
Fix: resolve remaining security scan issues - proper required_env declaration in SKILL.md, expanded security documentation in README, clarify read-only API scope and file writing behavior
v1.0.1
Fix: Declare FIGMA_TOKEN as required credential in metadata to resolve clawhub security scan inconsistency
v1.0.0
Security fixes: remove SSL unverified context (MITM vulnerability), implement get-project-files method, remove unused variables and imports
v0.0.1
Initial release providing Figma API integration.
- Read Figma file structures (pages, frames, layers)
- Export layers or components as images in multiple formats (PNG, JPG, SVG, PDF)
- Retrieve recent comments from Figma files
- Requires Figma Personal Access Token for setup
元数据
常见问题
Figma 是什么?
Interact with Figma files to read structure, export layers as images, and retrieve comments using the Figma REST API with authentication. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1495 次。
如何安装 Figma?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install kai-tw-figma」即可一键安装,无需额外配置。
Figma 是免费的吗?
是的,Figma 完全免费(开源免费),可自由下载、安装和使用。
Figma 支持哪些平台?
Figma 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Figma?
由 kai-tw(@kai-tw)开发并维护,当前版本 v1.0.3。
推荐 Skills