Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.figma-console-mcp.southleft.com/llms.txt

Use this file to discover all available pages before exploring further.

Figma Console MCP is designed with security as a priority. The project is fully open source (MIT licensed), allowing complete code auditing by security teams.

Architecture Security

Deployment Modes

Local Mode

Recommended for security-sensitive environments
  • Runs entirely on localhost via stdio
  • Zero external network calls
  • All communication stays local

Remote Mode

For browser-based MCP clients
  • SSE transport via Cloudflare Workers
  • OAuth tokens handled server-side
  • All traffic encrypted (HTTPS)

Data Handling

AspectDetails
Data StorageNone. No design data is persisted or cached to disk.
TelemetryNone. No analytics, tracking, or usage data collection.
LoggingLocal only. Logs stay on your machine.
CredentialsStored in your local MCP config, never transmitted to third parties.

Authentication

Figma Console MCP uses Figma’s native authentication:
  • Generated in Figma account settings
  • Stored locally in your MCP client config
  • Never transmitted except to api.figma.com
  • Scoped permissions based on token configuration
  • Uses Figma’s official OAuth 2.0 flow
  • Tokens managed via Figma’s authorization servers
  • No custom credential handling

Code Execution (figma_execute)

The figma_execute tool runs JavaScript in Figma’s plugin context:
Code runs in Figma’s plugin sandbox, not your system. It cannot access your filesystem, network, or other applications.
Sandbox limitations:
  • No filesystem access
  • No network access outside Figma’s plugin APIs
  • Cannot access other browser tabs or system resources
  • Can only modify the currently open Figma file
Mitigations:
  • Desktop Bridge must be manually started
  • All execution is user-initiated
  • Changes covered by Figma’s version history

Data Access Scope

Data TypeAccess
Variables/TokensRead
ComponentsRead
StylesRead
File StructureRead
Console LogsRead
Design ModificationsWrite (via Desktop Bridge)

Network Security

All network communication is limited to:
  • api.figma.com — Figma’s official REST API (HTTPS)
  • localhost:9223–9232 — WebSocket Bridge (Desktop Bridge Plugin communication, port range for multi-instance support)
  • *.workers.dev — Remote mode only (HTTPS)

WebSocket Bridge Security

  • Localhost-only binding — The WebSocket server binds to localhost only, not accessible from external networks
  • No authentication required — Since it’s localhost-only, the attack surface is limited to local processes
  • Request/response correlation — Each command uses a unique correlation ID to prevent response confusion
  • Per-file isolation — Multiple connected Figma files maintain independent state (selection, changes, console logs)
No external dependencies at runtime — No third-party analytics, CDNs, or external API calls beyond Figma.

Vendor Trust & Compliance

Vendor Identity

Figma Console MCP is built and maintained by Southleft, LLC. For security or legal inquiries that require a direct contact (vendor questionnaires, DPAs, procurement reviews), email info@southleft.com. For vulnerability reports, prefer the private security advisory flow.

Formal Attestations

Southleft does not currently hold SOC 2, ISO 27001, or equivalent third-party attestations for Figma Console MCP. The product is intentionally designed so that — particularly in Local mode — there is no vendor-side data processing that would require such attestations:
  • No Southleft-hosted service in the data path
  • No data persistence, telemetry, or analytics
  • No accounts, no user database, no logs leaving your machine
The complete source is MIT-licensed and available for audit on GitHub. Releases are published to npm as figma-console-mcp.

Data Processing & DPA

ModeSouthleft’s RoleDPA Applicability
Local ModeNot a data processor. Southleft has no access to design data, credentials, or user information. All traffic is between your machine and Figma.A DPA is not applicable — Southleft does not receive or process customer data.
Remote ModeOperates the Cloudflare Worker that brokers OAuth and proxies requests to Figma. No design data is persisted.A DPA can be provided on request. Email info@southleft.com.

Sub-processors

ModeSub-processors
Local ModeNone.
Remote ModeCloudflare (Workers hosting, traffic transit), Figma (authentication and design API).
Figma is always in scope as the upstream platform regardless of mode, since Figma Console MCP is a client to the Figma API.

Compliance Posture

StandardStatus
SOC 2 / ISO 27001Not currently attested. Minimal surface in Local mode (no vendor-side data storage or processing).
GDPRNo personal data collected or processed by Southleft. Customers remain controllers of any data they choose to send to Figma via the tool.
HIPAANot applicable. The product is not designed for or marketed to handle PHI.

Enterprise Considerations

1

Use Local Mode

Deploy with stdio transport for zero external network calls
2

Self-Host (Optional)

Run your own Cloudflare Worker instance. See Self-Hosting Guide.
3

Allowlist Figma API

Only api.figma.com needs network access
4

Audit Source Code

Complete source available on GitHub

Vulnerability Reporting

To report a security vulnerability:
  1. Open a private security advisory on GitHub
  2. Include steps to reproduce and potential impact
  3. We aim to respond within 48 hours
Please use GitHub’s private security advisory feature rather than public issues.

Security Checklist

Questions?

For security inquiries, open a GitHub Discussion or use the private security advisory feature for sensitive matters.