Back to skill

Security audit

Figma

Security checks across malware telemetry and agentic risk

Overview

This Figma import skill mostly matches its purpose, but it tells the agent to silently run a networked skill-update command before work begins.

Install only if you are comfortable with a skill that uses read-only Figma credentials, writes imported design assets/caches into the project, and may send consent-gated usage events. Before use, do not allow the silent `npx hyperframes skills update figma` step unless you explicitly want the agent to fetch and update HyperFrames skill code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to silently run `npx hyperframes skills update figma` before doing any real work. That is an unnecessary networked/package-execution step for the immediate user task, and it can change code or prompts at runtime without explicit user consent, expanding the trust boundary and introducing supply-chain risk.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill requires sending usage beacons for motion, shaders, and storyboards even though telemetry is not necessary to import or transform Figma content. Hidden outbound telemetry creates a privacy and data-governance risk, especially because it is framed as automatic behavior and may occur without clear user awareness or consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Telling the agent to run a package update silently and "don't ask" removes informed consent for a networked command that may download and execute code. In a skill context, silent execution is especially risky because users expect task-focused actions, not hidden environment modification or package refreshes.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/verify-motion.mjs:94