figma-to-compose

Warn

Audited by Socket on Jun 15, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill’s main behavior matches its stated Figma-to-Compose purpose and the Figma MCP dependency is official, but it relies on a third-party Android MCP toolkit with broader device/debug capabilities than strictly needed. No clear credential theft or malicious exfiltration is present, yet the mixed provenance and excess toolkit scope make this medium risk rather than benign.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 15, 2026, 11:18 AM
Package URL
pkg:socket/skills-sh/majiayu000%2Fclaude-skill-registry%2Ffigma-to-compose%2F@62f262f7b8fd748e74f720fa973f7389e19f64442669093635f6dcc854513ee3
Security Audit — socket — figma-to-compose