Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
By Ahmad Nassri - Apr 01, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
Figma MCP Server
A ModelContextProtocol server that enables AI assistants to interact with Figma files. This server provides tools for viewing, commenting, and analyzing Figma designs directly through the ModelContextProtocol.
Features
- Add a Figma file to your chat with Claude by providing the url
- Read and post comments on Figma files
Setup with Claude
-
Download and install Claude desktop app from claude.ai/download
-
Get a Figma API Key (figma.com -> click your name top left -> settings -> Security). Grant
File contentandCommentsscopes. -
Configure Claude to use the Figma MCP server. If this is your first MCP server, run the following in terminal.
echo '{
"mcpServers": {
"figma-mcp": {
"command": "npx",
"args": ["figma-mcp"],
"env": {
"FIGMA_API_KEY": "<YOUR_API_KEY>"
}
}
}
}' > ~/Library/Application\ Support/Claude/claude_desktop_config.json
If it's not, copy the figma-mcp block to your claude_desktop_config.json
-
Restart Claude Desktop.
-
Look for the hammer icon with the number of available tools in Claude's interface to confirm the server is running.
Example usage
Start a new chat with claude desktop and paste the following
What's in this figma file?
https://www.figma.com/design/MLkM98c1s4A9o9CMnHEyEC
Demo of a more realistic usage
https://www.loom.com/share/0e759622e05e4ab1819325bcf6128945?sid=bcf6125b-b5de-4098-bf81-baff157e3dc3
Development Setup
Running with Inspector
For development and debugging purposes, you can use the MCP Inspector tool. The Inspector provides a visual interface for testing and monitoring MCP server interactions.
Visit the Inspector documentation for detailed setup instructions and usage guidelines.
The command to test locally with Inspector is
npx @modelcontextprotocol/inspector npx figma-mcp
Local Development
- Clone the repository
- Install dependencies:
npm install
- Build the project:
npm run build
- For development with auto-rebuilding:
npm run watch
Available Tools
The server provides the following tools:
add_figma_file: Add a Figma file to your context by providing its URLview_node: Get a thumbnail for a specific node in a Figma fileread_comments: Get all comments on a Figma filepost_comment: Post a comment on a node in a Figma filereply_to_comment: Reply to an existing comment in a Figma file
Each tool is designed to provide specific functionality for interacting with Figma files through the ModelContextProtocol interface.
FAQs
ModelContextProtocol server for Figma
The npm package figma-mcp receives a total of 2,765 weekly downloads. As such, figma-mcp popularity was classified as popular.
We found that figma-mcp demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 04 May 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
By Socket Research Team - Mar 31, 2026
Research
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
By Socket Research Team - Mar 27, 2026