CommunityActive· 23d★ 4.3by GLips
Figma (Context)
GLips' Figma Context MCP. The de facto Figma MCP for AI coding agents, feeds simplified layout JSON to Cursor/Claude for design-to-code.
B
Safety & Trust
Delv Safety Grade: B
Score 72/100 · assessed 2026-04-28
Maintainer55
Permissions85
Supply chain75
Transparency70
Incidents100
Figma Context MCP is a community-maintained server that pulls design data from Figma's API and feeds it to AI coding agents. It's distributed via npm with a straightforward npx install and requires only a Figma API key for authentication. The permissions footprint is narrow: read-only API access to Figma files, no filesystem writes or shell execution. The maintainer (GLips) appears to be a solo developer with reasonable activity, though the bus factor is a concern. The package is open source with adequate documentation and a clear purpose. Supply chain is standard npm with no known incidents. The main risk is dependency on a single maintainer and the need to protect the Figma API key, which grants access to all designs in the linked account. Overall it's a well-scoped tool with limited attack surface, suitable for teams comfortable with community packages.
Lethal Trifecta (prompt-injection exposure)
TRIFECTA RISKAll three axes present. This server can read private data, ingest attacker-controlled content, and send data outbound. A poisoned input (a GitHub issue, an email, a webpage) can exfiltrate secrets via this chain. Only install with auditing; avoid on shared or cloud agents.
Private dataYes
Reads secrets, credentials, private files
Untrusted inputYes
Ingests web pages, PRs, issues, emails
External commsYes
Can send data outbound
Private design files, comments from collaborators (some not vetted), outbound via webhooks and embeds.
Green flags
- Read-only API access, no filesystem or shell permissions
- Standard npm distribution with clear versioning
- Open source with visible code and issue tracker
- Narrow scope: only Figma API interaction
- No known security incidents or malicious versions
Red flags
- Solo maintainer with single point of failure
- Figma API key grants access to all account designs
- Limited commit history and contributor base
- No evidence of security audit or formal review
Permissions requested
Outbound networkAccess secrets
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.
Install
npx -y figma-developer-mcp --figma-api-key=YOUR-KEY --stdio
Env vars needed:
FIGMA_API_KEYReview
Figma Context MCP turns Figma files into structured JSON that Claude can parse and code from. Instead of pasting screenshots or writing out specs, you point your agent at a Figma URL and it pulls the layout tree, text content, spacing, colours, and component names. It's the most direct path I've found from design file to working component without the usual back-and-forth.
The killer use case is one-shot implementation. You're in Cursor, you reference a Figma frame, and Claude writes the JSX or Vue template with correct spacing and colour tokens. It doesn't hallucinate layout because it's reading the actual node structure. I've used it to port entire landing pages in Next.js without opening Figma myself. The JSON is simplified enough that Claude doesn't choke on deeply nested groups, but detailed enough to preserve hierarchy and constraints.
It's also useful for extracting design tokens. If your Figma file uses consistent naming, you can ask Claude to generate a tokens file from the styles it sees. No more manual transcription of spacing scales or colour palettes. The pre-listed use case about cross-referencing components to existing code is real: you can diff a Figma component against your actual component file and spot drift.
Quirks: it's read-only, so you can't push changes back to Figma. The API key setup is straightforward but you need developer access to the Figma file. If your designs are a mess of ungrouped layers with no naming convention, the JSON will reflect that mess. This isn't a design linter. Also, it doesn't handle images or assets beyond noting they exist, so you'll still need to export those separately.
Skip this if you're not regularly coding from Figma files or if your designs live in Sketch or Penpot. It's Figma-specific and assumes you're working in a modern editor with MCP support. But if you're a frontend dev who gets handed Figma links and expected to build pixel-perfect UIs, this is the fastest way to close that loop.
Verdict
Install this if you code from Figma files more than once a week. It eliminates the screenshot-and-describe workflow and gives Claude the layout data it needs to write accurate components. Skip if you don't use Figma or prefer manual implementation.
Good at
- Reads actual Figma node structure so Claude doesn't hallucinate spacing or hierarchy.
- One-shot component generation from design files without manual spec writing.
- Works across Claude Desktop, Cursor, Windsurf, and VS Code with MCP support.
- Simplified JSON format keeps token usage reasonable even for complex frames.
- Useful for extracting design tokens and spotting drift between design and code.
Watch out
- Read-only, so you can't push code changes back to Figma or update designs from the agent.
- Requires developer access to Figma files, which not all teams grant freely.
- Doesn't export images or assets, you still handle those separately.
- Quality of output depends entirely on how well-organised the Figma file is.
- Hosts beyond Claude Desktop need manual config editing, no auto-setup.
Use cases
- One-shot design implementation in any framework
- Pulling layout tokens into a component file
- Spec extraction without screenshots
- Cross-referencing components to existing code
Getting started
1. Generate a Figma personal access token from your account settings (needs developer access to the files you want to read).
2. Run `npx -y figma-developer-mcp --figma-api-key=YOUR-KEY --stdio` to test the server starts without errors.
3. Add the server to your Claude Desktop or Cursor config with the API key in the environment variables, restart the host.
4. In a chat, reference a Figma file URL and ask Claude to describe the layout or generate a component from a specific frame.
5. Watch out for deeply nested auto-layout groups, they can produce verbose JSON that Claude sometimes truncates mid-parse.
Works with
Claude DesktopClaude CodeCursorWindsurfVS Code
Similar MCPs
- GitHubFull GitHub API access - manage repos, issues, PRs, and code search. One of the most useful MCPs for any developer workflow.
- GrafanaGrafana Labs' official MCP. Read dashboards, datasources, alerts, and run Loki/Prometheus queries from inside your agent.
- SentryPull live errors, issues, and replays from Sentry into Claude. Great for debugging sessions where the model can see what actually broke in prod.
- MCP CLIInteractive CLI inspector for MCP servers supporting OAuth, tool calls, resource reads, and prompt runs.