figma-to-compose
Warn
Audited by Socket on Jun 15, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The skill’s main behavior matches its stated Figma-to-Compose purpose and the Figma MCP dependency is official, but it relies on a third-party Android MCP toolkit with broader device/debug capabilities than strictly needed. No clear credential theft or malicious exfiltration is present, yet the mixed provenance and excess toolkit scope make this medium risk rather than benign.
Confidence: 100%Severity: 60%
Audit Metadata