From framer-pack
Applies Framer security best practices for API keys, plugin auth, server access: credential storage, client proxies, key rotation scripts, checklists.
Slash command: /framer-pack:framer-security-basics
Security best practices for Framer API keys, plugin development, and Server API access.
| Credential | Scope | Where to Store |
|---|---|---|
| Server API Key (framer_sk_*) | Per-site | Secrets vault |
| Site ID | Per-site | Can be in config |
| Plugin auth tokens | Per-user session | Never persist |
```bash
# .env (never commit)
FRAMER_API_KEY=framer_sk_abc123...
FRAMER_SITE_ID=abc123
```

```
# .gitignore
.env
.env.local
```
```javascript
// Plugins run in Framer's iframe sandbox — limited browser APIs
// Never store secrets in plugin code (it's client-side)
// Fetch external data through your own API proxy
// sessionToken: the per-user session token, kept in memory only (never persisted)
const data = await fetch('https://your-api.com/framer-data', {
  headers: { 'Authorization': `Bearer ${sessionToken}` },
});
```
```bash
# 1. Generate new key in Framer site settings
# 2. Update in secrets vault
# 3. Test connection
node -e "
const { framer } = require('framer-api');
framer.connect({ apiKey: process.env.FRAMER_API_KEY, siteId: process.env.FRAMER_SITE_ID })
  .then(() => console.log('OK'))
  .catch(e => console.error('FAIL', e.message));
"
# 4. Revoke old key in site settings
```
- .env in .gitignore
- framer_sk_* leaks

For production deployment, see framer-prod-checklist.
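
A pre-commit style check covering the `.env`/`.gitignore` and `framer_sk_*` leak items above. This is an added example, not code from framer-pack or Framer. The function names, the sample repository, and the character set assumed for the key body are all assumptions, since the page documents only the `framer_sk_` prefix.

```javascript
// Added example. Assumption: the key body after "framer_sk_" is [A-Za-z0-9_-]+;
// the page only documents the prefix.
const KEY_PATTERN = /framer_sk_[A-Za-z0-9_-]+/g;

// Show only the prefix and the last 4 characters so the report never re-leaks a key.
function redact(key) {
  return 'framer_sk_****' + key.slice(-4);
}

// Return the env files from `required` that .gitignore does not list.
// Simple check: exact rule match or a ".env*" wildcard; negation rules are not handled.
function missingIgnores(gitignoreText, required = ['.env', '.env.local']) {
  const rules = new Set(
    gitignoreText.split(/\r?\n/).map((l) => l.trim()).filter((l) => l && !l.startsWith('#'))
  );
  return required.filter((name) => !rules.has(name) && !rules.has('.env*'));
}

// Scan tracked files (path -> contents) for anything shaped like a Server API key.
function findLeaks(trackedFiles) {
  const findings = [];
  for (const [path, text] of Object.entries(trackedFiles)) {
    text.split(/\r?\n/).forEach((line, i) => {
      for (const match of line.matchAll(KEY_PATTERN)) {
        findings.push({ path, line: i + 1, key: redact(match[0]) });
      }
    });
  }
  return findings;
}

// Constructed sample repository: one hard-coded key and an incomplete .gitignore.
const sampleRepo = {
  '.gitignore': 'node_modules\n.env\n',
  'src/sync.js': 'const key = process.env.FRAMER_API_KEY;\n',
  'scripts/publish.js': "// quick test\nconst key = 'framer_sk_CONSTRUCTED0000example';\n",
};

function checkRepo(files) {
  return {
    missingIgnores: missingIgnores(files['.gitignore'] || ''),
    leaks: findLeaks(files),
  };
}

console.log(JSON.stringify(checkRepo(sampleRepo), null, 2));
```

A key that this check finds in a tracked file should be treated as exposed and rotated using the steps above, not just deleted from the file.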
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin framer-pack