MCP Figma

38 tools. 25 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated:

25 can modify or destroy data
13 read-only
38 tools total

Community server · catalogue entry verified 04/07/2026

How to control MCP Figma ↓

What MCP Figma exposes to your agents

Read (13) Write / Execute (23) Destructive / Financial (2)
Critical Risk

The most dangerous MCP Figma tools

25 of MCP Figma's 38 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control MCP Figma

PolicyLayer is an MCP gateway — it sits between your AI agents and MCP Figma, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_multiple_nodes": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "clone_node": {
    "limits": [
      {
        "counter": "clone_node_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "export_node_as_image": {
    "limits": [
      {
        "counter": "export_node_as_image_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register MCP Figma — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MCP FIGMA →

Instant setup, no code required.

All 38 MCP Figma tools

WRITE 23 tools
Write clone_node Clone an existing node in Figma Write create_component_instance Create an instance of a component in Figma Write create_connections Create connections between nodes using the default connector style Write create_frame Create a new frame in Figma Write create_rectangle Create a new rectangle in Figma Write create_text Create a new text element in Figma Write join_channel Join a specific channel to communicate with Figma Write move_node Move a node to a new position in Figma Write resize_node Resize a node in Figma Write set_annotation Create or update an annotation Write set_axis_align Set primary and counter axis alignment for an auto-layout frame in Figma Write set_corner_radius Set the corner radius of a node in Figma Write set_default_connector Set a copied connector node as the default connector Write set_fill_color Set the fill color of a node in Figma can be TextNode or FrameNode Write set_instance_overrides Apply previously copied overrides to selected component instances. Target instances will be swapped to the sou Write set_item_spacing Set distance between children in an auto-layout frame Write set_layout_mode Set the layout mode and wrap behavior of a frame in Figma Write set_layout_sizing Set horizontal and vertical sizing modes for an auto-layout frame in Figma Write set_multiple_annotations Set multiple annotations parallelly in a node Write set_multiple_text_contents Set multiple text contents parallelly in a node Write set_padding Set padding values for an auto-layout frame in Figma Write set_stroke_color Set the stroke color of a node in Figma Write set_text_content Set the text content of an existing text node in Figma

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about MCP Figma

Can an AI agent delete data through the MCP Figma MCP server? +

Yes. The MCP Figma server exposes 2 destructive tools including delete_multiple_nodes, delete_node. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through MCP Figma? +

The MCP Figma server has 23 write tools including clone_node, create_component_instance, create_connections. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach MCP Figma.

How many tools does the MCP Figma MCP server expose? +

38 tools across 3 categories: Destructive, Read, Write. 13 are read-only. 25 can modify, create, or delete data.

How do I enforce a policy on MCP Figma? +

Register the MCP Figma MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every MCP Figma tool call.

Deterministic rules across all 38 MCP Figma tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

38 MCP Figma tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.