framer-security-basics

Solid

Apply Framer security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing Framer security configuration. Trigger with phrases like "framer security", "framer secrets", "secure framer", "framer API key security".

AI & Automation 2,266 stars 315 forks Updated today MIT

Install

View on GitHub

Quality Score: 97/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
93
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Framer Security Basics ## Overview Security best practices for Framer API keys, plugin development, and Server API access. ## Instructions ### Step 1: Credential Management | Credential | Scope | Where to Store | |-----------|-------|----------------| | Server API Key (`framer_sk_*`) | Per-site | Secrets vault | | Site ID | Per-site | Can be in config | | Plugin auth tokens | Per-user session | Never persist | ```bash # .env (never commit) FRAMER_API_KEY=framer_sk_abc123... FRAMER_SITE_ID=abc123 # .gitignore .env .env.local ``` ### Step 2: Plugin Security ```tsx // Plugins run in Framer's iframe sandbox — limited browser APIs // Never store secrets in plugin code (it's client-side) // Fetch external data through your own API proxy const data = await fetch('https://your-api.com/framer-data', { headers: { 'Authorization': `Bearer ${sessionToken}` }, }); ``` ### Step 3: Server API Key Rotation ```bash # 1. Generate new key in Framer site settings # 2. Update in secrets vault # 3. Test connection node -e " const { framer } = require('framer-api'); framer.connect({ apiKey: process.env.FRAMER_API_KEY, siteId: process.env.FRAMER_SITE_ID }) .then(() => console.log('OK')) .catch(e => console.error('FAIL', e.message)); " # 4. Revoke old key in site settings ``` ### Step 4: Security Checklist - [ ] API keys in environment variables, never in code - [ ] `.env` in `.gitignore` - [ ] Plugin never stores or exposes API keys - [ ] Server API accessed only from b...

Details

Author
jeremylongshore
Repository
jeremylongshore/claude-code-plugins-plus-skills
Created
7 months ago
Last Updated
today
Language
Python
License
MIT

Integrates with

Anthropic · AI

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

framer-install-auth

Install and configure Framer SDK/CLI authentication. Use when setting up a new Framer integration, configuring API keys, or initializing Framer in your project. Trigger with phrases like "install framer", "setup framer", "framer auth", "configure framer API key".

2,266 Updated today
jeremylongshore
AI & Automation Featured

framer-sdk-patterns

Apply production-ready Framer SDK patterns for TypeScript and Python. Use when implementing Framer integrations, refactoring SDK usage, or establishing team coding standards for Framer. Trigger with phrases like "framer SDK patterns", "framer best practices", "framer code patterns", "idiomatic framer".

2,266 Updated today
jeremylongshore
AI & Automation Featured

figma-security-basics

Secure Figma API tokens, configure scopes, and validate webhook signatures. Use when securing API keys, implementing least-privilege scopes, or auditing Figma security configuration. Trigger with phrases like "figma security", "figma secrets", "secure figma token", "figma scopes", "figma webhook verify".

2,266 Updated today
jeremylongshore
AI & Automation Featured

klaviyo-security-basics

Apply Klaviyo security best practices for API key management and access control. Use when securing API keys, configuring OAuth scopes, implementing webhook signature verification, or auditing Klaviyo security configuration. Trigger with phrases like "klaviyo security", "klaviyo secrets", "secure klaviyo", "klaviyo API key security", "klaviyo OAuth".

2,266 Updated today
jeremylongshore
AI & Automation Solid

webflow-security-basics

Apply Webflow API security best practices — token management, scope least privilege, OAuth 2.0 secret rotation, webhook signature verification, and audit logging. Use when securing API tokens, implementing least privilege access, or auditing Webflow security configuration. Trigger with phrases like "webflow security", "webflow secrets", "secure webflow", "webflow API key security", "webflow token rotation".

2,266 Updated today
jeremylongshore