This document outlines the security architecture and practices for Figma Console MCP.
Figma Console MCP is designed with security as a priority. The project is fully open source (MIT licensed), allowing complete code auditing by security teams.
Local Mode (Recommended for Security-Sensitive Environments)
- Runs entirely on
localhostvia stdio transport - Zero external network calls
- All communication stays on the local machine
- Figma API calls go directly from your machine to Figma's servers
Remote Mode (Cloudflare Workers)
- Uses SSE transport through Cloudflare Workers
- OAuth tokens are handled server-side
- Suitable for browser-based MCP clients
- All traffic encrypted via HTTPS
| Aspect | Details |
|---|---|
| Data Storage | None. No design data is persisted or cached to disk. |
| Telemetry | None. No analytics, tracking, or usage data collection. |
| Logging | Local only. Logs stay on your machine and are not transmitted. |
| Credentials | Stored in your local MCP client configuration, never transmitted to third parties. |
Figma Console MCP uses Figma's native authentication mechanisms:
- Generated in Figma account settings
- Stored locally in your MCP client config
- Never transmitted except to Figma's API (
api.figma.com) - Scoped permissions based on token configuration
- Uses Figma's official OAuth 2.0 flow
- Tokens managed via Figma's authorization servers
- No custom credential handling
The figma_execute tool allows running JavaScript in Figma's plugin context. Security considerations:
- Code runs in Figma's plugin sandbox, not your system
- No filesystem access
- No network access outside Figma's plugin APIs
- Cannot access other browser tabs or system resources
- Can only modify the currently open Figma file
- Requires Desktop Bridge plugin to be explicitly running
- Changes are made to your Figma file (covered by Figma's version history)
- All code execution is logged
- Desktop Bridge must be manually started by the user
- No autonomous execution without user-initiated prompts
Figma Console MCP can access:
| Data Type | Access Level | Notes |
|---|---|---|
| Variables/Tokens | Read | Requires Enterprise for REST API, or Desktop Bridge |
| Components | Read | Component metadata and properties |
| Styles | Read | Color, text, and effect styles |
| File Structure | Read | Pages, frames, layers |
| Console Logs | Read | From plugins you're debugging |
| Design Modifications | Write | Only via figma_execute with Desktop Bridge |
Cannot access:
- Your filesystem
- Other applications
- Browser data
- Network resources outside Figma
- Other Figma files (only the currently open file)
All network communication is limited to:
api.figma.com- Figma's official REST API (HTTPS)localhost:9223–9232- Local Desktop Bridge WebSocket communication*.workers.dev- Remote/Cloud mode only (HTTPS)
- No third-party analytics services
- No CDN dependencies
- No external API calls beyond Figma
- SOC 2: No data storage means minimal compliance surface
- GDPR: No personal data collection or processing
- HIPAA: Not applicable (no health data handling)
For maximum security, enterprises can:
- Use Local Mode exclusively (no external network calls)
- Self-host the Cloudflare Worker (see Self-Hosting Guide)
- Audit the complete source code on GitHub
- Run behind corporate firewalls with only
api.figma.comallowlisted
- Token permissions are controlled via Figma's account settings
- Desktop Bridge requires manual activation per session
- No persistent background processes
If you discover a security vulnerability, please report it responsibly:
- Open a private security advisory on GitHub
- Do not open a public GitHub issue for security vulnerabilities
- Include steps to reproduce and potential impact
- We aim to respond within 48 hours
- Open source and auditable (MIT license)
- No data persistence or storage
- No telemetry or analytics
- Uses platform-native authentication (Figma OAuth/PATs)
- Code execution sandboxed in Figma plugin environment
- Local-only deployment option available
- All network traffic encrypted (HTTPS)
- No third-party runtime dependencies
- Responsible disclosure process documented
For security-related inquiries, open a GitHub Discussion or use the private security advisory feature for sensitive matters.