penpot-mcp
Provides Penpot’s official Model Context Protocol (MCP) server and an accompanying Penpot plugin. The MCP server exposes tools that let an AI client retrieve, transform, and create design elements in a Penpot design file by routing requests through a WebSocket-connected Penpot plugin.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security guidance is mostly about local browser network connectivity (Private Network Access, PNA) rather than transport security or access control. The README discusses WebSocket connectivity and remote-mode behavior (disabling file system access), but it does not document authentication, authorization, TLS usage, or rate limiting for the MCP endpoints. Treat remote exposure as high risk unless the operator adds network controls (firewalls/VPN) and verifies the underlying implementation of the MCP plugin connection.
⚡ Reliability
Best When
Used locally with the Penpot plugin UI open for interactive design workflows, or in controlled environments where remote exposure is protected and the operator understands WebSocket/network security risks.
Avoid When
The MCP/WS endpoints would be exposed to the public internet or untrusted networks, or the workflow depends on retry/idempotency behavior, which is not specified in the provided materials.
Use Cases
- LLM-assisted querying of Penpot design files
- Automated transformations of design elements (e.g., generate variants, update properties)
- Creation of new design elements from structured instructions
- Design-to-design or code-to-design workflows via MCP tooling
Not For
- Untrusted multi-tenant environments without strict network/access controls
- Use cases requiring strong built-in authentication/authorization guarantees at the MCP layer (not described here)
- Operations needing robust, documented idempotency guarantees for retries
- Production deployments where vendor SLA/uptime and change history are critical and not documented
Interface
Authentication
Authentication/authorization mechanisms for the MCP server endpoints are not described in the provided README. The plugin connection and environment/network controls likely gate access, but details are not documented here.
Pricing
No pricing information provided; appears to be self-hosted/open-source tooling under MPL-2.0.
Agent Metadata
Known Gotchas
- ⚠ Browser private network access (PNA) restrictions may require explicit permission to connect to localhost for the plugin UI to reach the WebSocket server.
- ⚠ The plugin UI must remain open; closing it closes the connection.
- ⚠ If the MCP client uses stdio transport, a proxy such as mcp-remote is required to reach the HTTP/SSE endpoints.
Alternatives
Scores are editorial opinions as of 2026-03-30.