claude2figma-design-system-harness

SUSPICIOUS. The skill’s capabilities are broadly aligned with its stated Figma design-system purpose, and there is no strong evidence of credential theft or covert exfiltration. The main issue is install/execution trust: the skill is distributed via direct GitHub clone with no release verification, and its Figma MCP setup guidance appears inconsistent with current official install guidance, which raises medium supply-chain risk rather than malicious intent.