{"id":"grab-cursor-talk-to-figma-mcp","name":"cursor-talk-to-figma-mcp","homepage":"https://www.figma.com/community/plugin/1485687494525374295/cursor-talk-to-figma-mcp-plugin","repo_url":"https://github.com/grab/cursor-talk-to-figma-mcp","category":"ai-ml","subcategories":[],"tags":["mcp","model-context-protocol","figma","figjam","agentic-ai","automation","cursor","websocket","design-tools","typescript"],"what_it_does":"Provides an MCP server (plus a companion WebSocket + Figma plugin) that lets an AI agent read Figma/FigJam documents and programmatically modify design elements (e.g., text, layout, styling, components/overrides, connections, annotations) via MCP tools.","use_cases":["Read document/selection info from Figma for agent-driven edits","Batch replace or re-chunk text nodes and update multiple nodes efficiently","Apply auto-layout properties (layout mode, padding, spacing, sizing, alignment)","Modify styling (fill/stroke/corner radius) and reposition/resize/clone/delete nodes","Work with component instances by extracting and setting instance overrides","Convert prototype reactions into FigJam connector lines and flows","Create/update native annotations and batch annotation operations","Scan nodes by types to find targets for downstream edits"],"not_for":["Security-critical automation without additional hardening (no explicit auth shown in docs)","Operations requiring fine-grained permissions/auditing per user/project out of the box","Production deployments needing documented operational guarantees (SLA, uptime, incident handling)","High-reliability bulk edits without validating idempotency and failure modes"],"best_when":"You have an interactive agent workflow (Cursor/Claude Code) connected to a developer-run local WebSocket + MCP server and you want structured, tool-based access to Figma for iterative design automation.","avoid_when":"You need network-accessible, internet-facing endpoints or strong access control without adding your own authentication/authorization layer around the WebSocket/MCP server.","alternatives":["Figma Plugin API with a custom agent integration (agent calls your plugin backend)","Direct use of Figma REST API (where applicable) combined with custom tooling","Other MCP integrations for design tools, if they provide similar tool coverage and stronger auth patterns"],"af_score":50.2,"security_score":33.2,"reliability_score":36.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-29T14:56:53.251875+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["None documented (local socket/plugin workflow; no auth described in README)"],"oauth":false,"scopes":false,"notes":"README describes joining a channel and running a local WebSocket server but does not document authentication, authorization, or per-user permissions for the MCP/WebSocket endpoints."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Pricing not mentioned; npm package and developer-run Figma interactions imply costs are primarily your infrastructure/agent usage."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":50.2,"security_score":33.2,"reliability_score":36.2,"mcp_server_quality":75.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":25.0,"rate_limit_clarity":0.0,"tls_enforcement":50.0,"auth_strength":20.0,"scope_granularity":0.0,"dependency_hygiene":55.0,"secret_handling":50.0,"security_notes":"No authentication/authorization is described in the provided README for MCP/WebSocket usage. WebSocket hostname change for Windows/WSL suggests network exposure can be configured; without auth this increases risk if reachable beyond localhost. TLS enforcement and secret handling practices are not documented. Dependencies listed are general libraries; no vulnerability posture is described in the provided materials.","uptime_documented":0.0,"version_stability":55.0,"breaking_changes_history":50.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":"README advises commands may throw exceptions, but does not describe idempotency guarantees (e.g., safe retries without duplicating changes).","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Must join a channel before sending commands (ordering dependency)","Bulk/scan operations on large designs may require chunking parameters (agent must pass/choose them)","Some operations are not fully supported (e.g., export returning base64 as text is noted as limited)","Failure modes for destructive operations (delete) and repeated runs are not described; agent should verify node existence/state before/after edits"]}}