Figma Context MCP

MCP server to provide Figma layout information to AI coding agents like Cursor

CommunityActiveNot tested◆Official RegistryUpdated 4/3/2026

★ 14.1k↓ 67.5k/wknpm

Edit this page

MCPpedia
Score

No CVEsActivestdioMIT

How we score →

Should you use this server?

MCP server to provide Figma layout information to AI coding agents like Cursor

✓

Is it safe?

No known CVEs for figma-developer-mcp. 1 previously resolved.

No authentication — any process on your machine can connect to this server.

MIT. View license →

Last scanned 0 days ago.

✓

Is it maintained?

Last commit 5 days ago. 14,124 GitHub stars. 67,456 weekly downloads.

Will it work with my client?

Transport: stdio. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

How much context will it use?

0 tools. Token cost not measured.

What if it doesn't work?

Quick Install

{
  "mcpServers": {
    "Framelink Figma MCP": {
      "args": [
        "-y",
        "figma-developer-mcp",
        "--figma-api-key=YOUR-KEY",
        "--stdio"
      ],
      "command": "npx"
    }
  }
}

Setup guide

Required API Keys

FIGMA_API_KEYFigma Personal Access Token

1. Go to Figma Settings
2. Scroll to Personal Access Tokens
3. Click "Generate new token"
4. Replace YOUR-KEY in the config

Open Figma Personal Access Token page

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y figma-developer-mcp 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Score Breakdown

MCPpedia Score

Click each category to see evidence

89A

Scored 5h ago

How we score →

Security

30/30

Last scanned 5h ago

No open vulnerabilities. 1 fixed CVE.

✓

CVEs — 1 fixed CVE — update to 0.6.3check OSV.dev \u2192

○

Authentication — None required — easy to connect

✓

License — MITview license \u2192

✓

Repository — Activeview repo \u2192

✗

MCPpedia review — Not yet reviewed by MCPpedia

Advisories (0 open, 1 fixed)

lowCVSS 3.1CVE-2025-15061Fixed

figma-developer-mcp vulnerable to command injection in get_figma_data tool

### Summary A command injection vulnerability exists in the `figma-developer-mcp` MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to `child_process.exec`, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. The server constructs and executes shell commands using unvalidated user input directly within command-line strings. This introduces the p

Affected: >= 0Fixed in 0.6.3Published Sep 30, 2025source \u2192

CVEs checked daily via OSV.dev. Score algorithm is open source.

Embed this score in your READMEPreview badge

[![MCPpedia Score](https://mcppedia.org/api/badge/figma-context-mcp)](https://mcppedia.org/s/figma-context-mcp)

Reviews

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?