figma-automation

SUSPICIOUS: the skill’s core purpose matches its Figma capabilities, and the MCP endpoint appears official to Composio/Rube, so this is not malware. However, the setup guidance is misleading about authentication, and all Figma data and actions flow through a third-party intermediary rather than directly to Figma, creating medium security risk and trust concerns.