Skip to main content
mcpSource-backed

Zeplin MCP Server for Claude

Official Zeplin MCP server that lets AI coding agents access Zeplin screen specs, component specs, annotations, assets, and design tokens for design-to-code workflows.

by Zeplin · submitted by oktofeesh1·added 2026-06-03·
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://support.zeplin.io/en/articles/11559086-zeplin-mcp-server, https://github.com/zeplin/mcp-server
Safety notes
Treat `ZEPLIN_ACCESS_TOKEN` as a secret. It can expose design handoff data for every Zeplin project the token holder can access, so store it in MCP environment configuration rather than prompts, checked-in files, or shared transcripts., Use specific Zeplin screen, component, or layer links in prompts. Broad design-context requests can pull too much implementation detail into the model context and increase the chance of incorrect generated UI., Generated code should still be reviewed against the real product codebase, existing components, accessibility requirements, responsive behavior, and design-system constraints before merge., Avoid giving agents production deploy rights just because they can inspect Zeplin specs. Design context is input to implementation, not approval to ship unreviewed UI changes.
Privacy notes
Zeplin MCP results can expose unreleased screens, component specs, assets, annotations, interaction notes, product copy, styleguide tokens, brand details, and internal design-system structure., Mock data in design files can still contain customer names, email addresses, account screenshots, revenue figures, support details, or other sensitive examples that should not be copied into public prompts or logs., MCP client logs, AI transcripts, generated code comments, screenshots, and debugging output can retain Zeplin links and design details outside Zeplin's normal access controls.
Author
Zeplin
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-03

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

78

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

CLI install

Copy-ready — paste the snippet to get started.

10 minutes

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

5 prerequisites to line up before setup. Have accounts and credentials ready first.

0/5 ready
Account & credentials2Install & runtime2General110 minutes

Safety & privacy surface

Safety & privacy surface

4 safety and 3 privacy notes across 5 risk areas. Review closely: credentials & tokens, permissions & scopes, network access.

5 areas
  • SafetyCredentials & tokensTreat `ZEPLIN_ACCESS_TOKEN` as a secret. It can expose design handoff data for every Zeplin project the token holder can access, so store it in MCP environment configuration rather than prompts, checked-in files, or shared transcripts.
  • SafetyNetwork accessUse specific Zeplin screen, component, or layer links in prompts. Broad design-context requests can pull too much implementation detail into the model context and increase the chance of incorrect generated UI.
  • SafetyGeneralGenerated code should still be reviewed against the real product codebase, existing components, accessibility requirements, responsive behavior, and design-system constraints before merge.
  • SafetyGeneralAvoid giving agents production deploy rights just because they can inspect Zeplin specs. Design context is input to implementation, not approval to ship unreviewed UI changes.
  • PrivacyCredentials & tokensZeplin MCP results can expose unreleased screens, component specs, assets, annotations, interaction notes, product copy, styleguide tokens, brand details, and internal design-system structure.
  • PrivacyLocal filesMock data in design files can still contain customer names, email addresses, account screenshots, revenue figures, support details, or other sensitive examples that should not be copied into public prompts or logs.
  • PrivacyPermissions & scopesMCP client logs, AI transcripts, generated code comments, screenshots, and debugging output can retain Zeplin links and design details outside Zeplin's normal access controls.

Safety notes

  • Treat `ZEPLIN_ACCESS_TOKEN` as a secret. It can expose design handoff data for every Zeplin project the token holder can access, so store it in MCP environment configuration rather than prompts, checked-in files, or shared transcripts.
  • Use specific Zeplin screen, component, or layer links in prompts. Broad design-context requests can pull too much implementation detail into the model context and increase the chance of incorrect generated UI.
  • Generated code should still be reviewed against the real product codebase, existing components, accessibility requirements, responsive behavior, and design-system constraints before merge.
  • Avoid giving agents production deploy rights just because they can inspect Zeplin specs. Design context is input to implementation, not approval to ship unreviewed UI changes.

Privacy notes

  • Zeplin MCP results can expose unreleased screens, component specs, assets, annotations, interaction notes, product copy, styleguide tokens, brand details, and internal design-system structure.
  • Mock data in design files can still contain customer names, email addresses, account screenshots, revenue figures, support details, or other sensitive examples that should not be copied into public prompts or logs.
  • MCP client logs, AI transcripts, generated code comments, screenshots, and debugging output can retain Zeplin links and design details outside Zeplin's normal access controls.

Prerequisites

  • Zeplin account with access to the projects, screens, components, and styleguides Claude should use
  • Zeplin personal access token generated from the Zeplin profile developer settings
  • Node.js 20 or later and npx available for running `@zeplin/mcp-server`
  • Claude Code, Cursor, Windsurf, VS Code with Copilot, or another MCP-capable client
  • Project policy for which Zeplin links, screens, components, and design systems are allowed in AI-assisted implementation

Schema details

Install type
cli
Troubleshooting
No
Source repository stats
Scope
Source repo
Collection metadata
Estimated setup
10 minutes
Difficulty
intermediate
Full copyable content
{
  "zeplin": {
    "command": "npx",
    "args": ["-y", "@zeplin/mcp-server@latest"],
    "env": {
      "ZEPLIN_ACCESS_TOKEN": "${ZEPLIN_ACCESS_TOKEN}"
    }
  }
}

About this resource

Content

The Zeplin MCP server connects Claude and other MCP-capable coding agents to Zeplin project context. It lets an assistant fetch structured design handoff data for screens and components, including specs, assets, annotations, documentation, and design tokens, so UI implementation prompts can refer to the same source of truth designers and engineers use in Zeplin.

This is distinct from the existing Figma MCP Server entry. Figma's Dev Mode MCP server exposes design context from Figma Desktop over a local HTTP server, while Zeplin's MCP server runs through the @zeplin/mcp-server package and a Zeplin personal access token for teams whose design handoff source of truth is Zeplin.

Features

  • Access Zeplin component and screen specs for design-aligned UI code.
  • Fetch assets and detailed implementation specs for screens and components.
  • Use screen annotations and documentation as behavior or implementation context.
  • Reuse colors, typography, spacing, and other design tokens from Zeplin styleguides.
  • Run through npx @zeplin/mcp-server@latest in Claude Code, Cursor, VS Code, Windsurf, or another stdio-capable MCP client.
  • Use Zeplin short URLs in prompts to keep requests focused on a specific screen, component, or implementation task.
  • Follow Zeplin's README guidance for component-first implementation and targeted prompts to manage model context limits.

Use Cases

  • Ask Claude to implement a specific Zeplin component using existing local code conventions.
  • Pull screen specs and annotations while building a responsive page from an approved Zeplin design.
  • Use Zeplin design tokens to align generated UI with the product styleguide.
  • Ask an agent to focus on one named layer or component instead of the entire screen.
  • Break larger screen builds into component-sized tasks using separate Zeplin links for each piece.

Installation

Claude Code

  1. Generate a Zeplin personal access token from your Zeplin profile developer settings.
  2. Confirm Node.js 20 or later and npx are available.
  3. Add the MCP server:
claude mcp add zeplin --env ZEPLIN_ACCESS_TOKEN=YOUR_ZEPLIN_PERSONAL_ACCESS_TOKEN -- npx -y @zeplin/mcp-server@latest
  1. Restart or refresh the MCP client session.
  2. Test with a narrow prompt that references one Zeplin screen or component URL.

Claude Desktop

  1. Open the Claude Desktop MCP configuration file.
  2. Add the zeplin server configuration shown below.
  3. Replace the token placeholder with a secret-managed Zeplin personal access token.
  4. Restart Claude Desktop and test on a non-sensitive design first.

Configuration

{
  "mcpServers": {
    "zeplin": {
      "command": "npx",
      "args": ["-y", "@zeplin/mcp-server@latest"],
      "env": {
        "ZEPLIN_ACCESS_TOKEN": "YOUR_ZEPLIN_PERSONAL_ACCESS_TOKEN"
      }
    }
  }
}

Examples

Implement a focused component

Use Zeplin for this component: https://zpl.io/EXAMPLE. Implement only the Button variant shown there using our existing Button primitives.

Update one screen element

The latest Zeplin screen adds a checkbox to the menu item. Focus only on that layer and update the existing MenuItem component.

Use design tokens

Fetch the Zeplin design tokens for this screen and map colors, typography, and spacing to our existing CSS variables where possible.

Source notes

  • Zeplin's official help article describes the MCP server for connecting AI agents like Cursor, Windsurf, VS Code, and Claude Code to Zeplin projects.
  • The help article says agents can access component and screen specs, documentation annotations, and design tokens such as colors, typography, and spacing.
  • The official Claude Code setup command uses npx -y @zeplin/mcp-server@latest with a ZEPLIN_ACCESS_TOKEN environment variable.
  • The npm package metadata identifies @zeplin/mcp-server as Zeplin's official MCP server for AI-assisted UI development and points to the zeplin/mcp-server repository.
  • The GitHub README documents Node.js 20+, a Zeplin account, a personal access token, MCP client configuration, prompt examples, and MIT licensing.

Duplicate check

Checked current content/mcp/, content/tools/, guides, skills, agents, open pull requests, live HeyClaude llms-full.txt, and repository-wide content for Zeplin, @zeplin/mcp-server, zeplin/mcp-server, support.zeplin.io, design handoff, screen specs, component specs, design tokens, and Figma MCP. Existing Figma MCP Server content is a local Figma Desktop Dev Mode MCP entry, not Zeplin's design handoff MCP server. No dedicated Zeplin MCP entry, Zeplin source URL duplicate, or open duplicate PR was found.

Disclosure

Editorial listing. No paid placement or affiliate link is used.

Source citations

Add this badge to your README

Show that Zeplin MCP Server for Claude is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/zeplin-mcp-server.svg)](https://heyclau.de/entry/mcp/zeplin-mcp-server)

How it compares

Zeplin MCP Server for Claude side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

1 trust signal differ across this comparison (Submitter).

Field

Official Zeplin MCP server that lets AI coding agents access Zeplin screen specs, component specs, annotations, assets, and design tokens for design-to-code workflows.

Open dossier

MCP server for extracting design systems from live websites, including design tokens, regions, components, contrast data, Tailwind themes, Figma variables, and prompt packs.

Open dossier

Storybook MCP addon that lets Claude and other MCP clients inspect component documentation, generate stories, preview UI states, and run Storybook tests against a local Storybook project.

Open dossier

Official AWS Labs developer-experience MCP server for Amazon DynamoDB that provides expert data-modeling guidance, model validation against DynamoDB Local, source-database analysis, schema conversion, and CDK generation.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backedSource-backed
SubmitterDiffersoktofeesh1oktofeesh1oktofeesh1jaso0n0818
Install riskReview firstReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandAWS Labs logoAWS Labs
Categorymcpmcpmcpmcp
SourceSource-backedSource-backedSource-backedSource-backed
AuthorZeplinManavarya09StorybookAWS Labs
Added2026-06-032026-06-052026-06-032026-06-21
Platforms
Harness
Source repo
Safety notesTreat `ZEPLIN_ACCESS_TOKEN` as a secret. It can expose design handoff data for every Zeplin project the token holder can access, so store it in MCP environment configuration rather than prompts, checked-in files, or shared transcripts. Use specific Zeplin screen, component, or layer links in prompts. Broad design-context requests can pull too much implementation detail into the model context and increase the chance of incorrect generated UI. Generated code should still be reviewed against the real product codebase, existing components, accessibility requirements, responsive behavior, and design-system constraints before merge. Avoid giving agents production deploy rights just because they can inspect Zeplin specs. Design context is input to implementation, not approval to ship unreviewed UI changes.designlang uses Playwright to crawl live pages and can capture DOM-derived styles, responsive behavior, interaction states, screenshots, and accessibility findings. Authenticated extraction options can use cookies, cookie files, headers, and custom user agents, so never pass production session cookies or credentials unless approved. Generated outputs may include design tokens, Tailwind config, shadcn variables, Figma variables, component anatomy, prompts, screenshots, reports, and cloned starter code. Commands such as apply, clone, sync, drift, visual-diff, and MCP extraction can read live websites and write files in the configured output or project directory. Review extracted prompt packs and generated code before using them in another agent workflow or committing them.Storybook's MCP server and AI manifests are preview capabilities, and Storybook states that the API may change in future releases. The MCP server can guide an agent to generate components, write stories, preview states, and run tests. Review generated UI, stories, tests, and source changes before committing or shipping them. Storybook docs and stories are project-controlled input. Treat component docs, story text, examples, and addon output as untrusted context that can contain stale guidance or prompt-injection-like instructions. `run-story-tests` can execute interaction tests and browser-based component code. Do not run untrusted stories or tests with secrets, production credentials, or privileged browser sessions available. The default MCP endpoint is local to the Storybook dev server. Do not expose the local Storybook MCP endpoint or equivalent Storybook preview URLs to networks or tunnels unless access control and data exposure have been reviewed. When multiple Storybooks or MCP servers are configured, use descriptive server names so the model does not confuse design systems, toolsets, or component libraries.The core tools provide data-modeling guidance and are advisory; review all generated models, schemas, and CDK output before deploying anything to AWS. Model validation sets up a local DynamoDB instance and creates test tables; the source-database analyzer connects to a database you point it at (RDS Data API or a direct connection). Generated CDK apps and `dynamodb_data_model.json` files are written to your workspace; inspect them before running or committing.
Privacy notesZeplin MCP results can expose unreleased screens, component specs, assets, annotations, interaction notes, product copy, styleguide tokens, brand details, and internal design-system structure. Mock data in design files can still contain customer names, email addresses, account screenshots, revenue figures, support details, or other sensitive examples that should not be copied into public prompts or logs. MCP client logs, AI transcripts, generated code comments, screenshots, and debugging output can retain Zeplin links and design details outside Zeplin's normal access controls.URLs, page content, DOM text, CSS, screenshots, fonts, images, design tokens, cookies, headers, prompts, tool arguments, reports, and generated files may be visible to the MCP client and model provider. Authenticated or internal sites can expose product plans, unreleased UI, customer data, analytics identifiers, private brand assets, and implementation details. Output directories can retain extracted website data after the MCP session ends. Avoid running the server against private, paid, internal, or authenticated properties without legal and security approval.Storybook MCP tool results can expose component names, props, examples, docs, stories, design-system conventions, theme tokens, UI states, test results, accessibility findings, and story preview links. Storybook stories and previews can contain mock customer data, screenshots, private workflows, unreleased product UI, internal brand details, or business logic visible through component examples. Test output, accessibility reports, browser console logs, agent transcripts, screenshots, and generated summaries can retain Storybook content outside the normal repository and design-system access controls. Composed Storybooks can aggregate documentation and stories from multiple component libraries, so verify which composed sources are exposed before connecting an agent. Keep secrets, real user records, internal API tokens, and production credentials out of stories, play functions, test fixtures, and local Storybook environments used by AI agents.Access patterns, entity definitions, and any source-database schema you share are processed to produce the model and validation artifacts. The source-database analyzer can read schema structure and access-pattern data from the database you connect; keep database credentials out of public prompts, issues, and screenshots.
Prerequisites
  • Zeplin account with access to the projects, screens, components, and styleguides Claude should use
  • Zeplin personal access token generated from the Zeplin profile developer settings
  • Node.js 20 or later and npx available for running `@zeplin/mcp-server`
  • Claude Code, Cursor, Windsurf, VS Code with Copilot, or another MCP-capable client
  • Node.js 20 or newer available to the MCP client runtime.
  • Network access to the websites you plan to extract.
  • Permission to crawl and analyze the target sites.
  • Playwright or Chromium installation behavior reviewed for the local environment.
  • React Storybook project, because Storybook documents the MCP server and manifests as preview AI capabilities currently limited to React projects.
  • Node.js package manager access for installing `@storybook/addon-mcp`.
  • Running Storybook dev server, with the local MCP endpoint captured as `STORYBOOK_LOCAL_MCP_URL`.
  • MCP-compatible agent or editor that can connect to local HTTP MCP servers, such as Claude Code, Gemini CLI, OpenAI Codex, VS Code Copilot, or another compatible client.
  • Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package.
  • An MCP client that supports stdio servers (Claude Code, Claude Desktop, Cursor, Kiro, or VS Code).
  • Docker or a local DynamoDB Local setup if you want to use the model-validation tool, which creates tables and runs your access patterns.
  • Connection details/credentials for any source database (MySQL, PostgreSQL, SQL Server, Oracle) only if you use the source-database analyzer.
Install
claude mcp add zeplin --env ZEPLIN_ACCESS_TOKEN=YOUR_ZEPLIN_PERSONAL_ACCESS_TOKEN -- npx -y @zeplin/mcp-server@latest
npx -y designlang mcp
npx storybook add @storybook/addon-mcp
uvx awslabs.dynamodb-mcp-server@latest
Config
{
  "mcpServers": {
    "zeplin": {
      "command": "npx",
      "args": [
        "-y",
        "@zeplin/mcp-server@latest"
      ],
      "env": {
        "ZEPLIN_ACCESS_TOKEN": "${ZEPLIN_ACCESS_TOKEN}"
      },
      "type": "stdio"
    }
  }
}
{
  "mcpServers": {
    "designlang": {
      "command": "npx",
      "args": ["-y", "designlang", "mcp", "--output-dir", "./design-extract-output"]
    }
  }
}
{
  "mcpServers": {
    "storybook": {
      "type": "http",
      "url": "STORYBOOK_LOCAL_MCP_URL"
    }
  }
}
{
  "mcpServers": {
    "awslabs.dynamodb-mcp-server": {
      "command": "uvx",
      "args": ["awslabs.dynamodb-mcp-server@latest"],
      "env": {
        "FASTMCP_LOG_LEVEL": "ERROR"
      },
      "type": "stdio"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.