Read Figma files and write content back to the canvas.
The materials indicate this is an open-source MIT-licensed third-party MCP tool that reads Figma files via a REST API and writes to the Figma canvas through a WebSocket bridge. No explicit malicious red flags are evident, but it does execute local code and lacks clear documentation on network endpoints and maintenance, so the overall posture is cautionary.
The materials state that no keys or environment variables are required, and there is no explicit request for API tokens, passwords, or other highly sensitive credentials. However, the missing README leaves the real authentication path unclear, so deployment should verify whether it implicitly relies on a Figma login session or local credentials.
The description explicitly says it reads Figma files via a REST API and writes to the Figma canvas through a WebSocket bridge, so network egress is involved. However, no remote host is listed, and the exact WebSocket bridge destination and data flow are not transparent, so users should verify that it only connects to expected Figma or local bridge endpoints before use.
The system flags this tool as executes-code, indicating it has the normal MCP capability to start local processes or execute code. This is an inherent property of such tools and not by itself a high-risk signal, but it should still be run in a constrained environment with minimal system privileges.
Based on the description, its main data scope is reading Figma file contents and writing changes to the Figma canvas. The materials do not indicate broad local file access or obvious overprivileged data access, but design content read/write should still be treated as potentially sensitive business data.
Positive signals include that it is open source and MIT licensed, so the code is in principle auditable. However, it comes from a third-party registry, has 0 GitHub stars, unknown maintenance status, and no README, so transparency and maturity are limited and the supply-chain trust level remains cautionary.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "figma-mcp-hybrid" yet — see the docs or source repo.
Read the homepage structure in this Figma file. List all Frames, Sections, and major component names, organized by hierarchy.
A structured inventory of the homepage design, including hierarchy and major component names.
Create a login page wireframe on the current Figma canvas with a title, subtitle, email field, password field, login button, and forgot-password link in a simple layout.
A login-page wireframe is created on the canvas with the requested elements and basic layout.
Read the button components in this Figma file, analyze state differences, and write explanatory notes next to each corresponding component.
A button state analysis is produced, and notes are written onto the canvas for team collaboration.
Let AI read and modify Figma canvas elements for faster design workflows.
Connect Figma files to extract data, capture screens, and generate code.
Connect Figma design files to AI assistants for access, management, and collaboration.
Let AI read and edit Figma files for faster design workflows.
Let AI inspect and edit the currently open Figma desktop file.
Connect local Figma to AI for file inspection and node export.