Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cursor Agent for OpenClaw

v1.0.2

Run Cursor Agent CLI for coding tasks — writing, editing, refactoring, reviewing, or planning code — without spending OpenClaw API credits. Use when the user...

by Luis Albinati (@albinati)
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The SKILL.md and scripts clearly require the 'agent' CLI (Cursor Agent). However the registry 'Requirements' section in the provided metadata lists no required binaries or credentials, which is inconsistent. Requiring the Cursor CLI is reasonable for the stated purpose, but the metadata omission is a mismatch that could hide setup or permission expectations.
! Instruction Scope
The SKILL.md imposes strict user-consent rules (MUST NOT be invoked autonomously, always start read-only, ask before write/cloud/commit). The included run.sh implements read/ask/plan/write modes and defaults to read-only, which aligns in spirit, but the script itself does not enforce interactive confirmation — it trusts the caller to pass 'write' only after confirmation. That puts the burden on the platform/agent to follow the SKILL.md rules; the skill does not technically enforce them.
Install Mechanism
There is no install spec (instruction-only plus a small helper script). Nothing is downloaded or executed from remote URLs. This is low install risk.
Credentials
The skill does not request environment variables, secrets, or config paths. It only invokes a local CLI and operates on a user-supplied repo path, which is proportionate to the claimed purpose.
! Persistence & Privilege
The skill metadata allows autonomous invocation (disable-model-invocation is false) while the SKILL.md explicitly states the skill MUST NOT be invoked autonomously and requires explicit user consent before any write/cloud/commit actions. This mismatch is the main privilege/behavior concern. 'always' is false, so it won't be force-included, but the ability for the agent to call it autonomously contradicts the documented safety constraints.
What to consider before installing
This skill is a wrapper for the Cursor 'agent' CLI and the included script defaults to read-only, which is appropriate. However:

  (1) The SKILL.md insists it must not be run autonomously, but the skill metadata allows autonomous invocation — confirm the platform will not call it without explicit user approval.
  (2) The registry metadata omitted the 'agent' binary requirement — ensure you have the official Cursor CLI installed from cursor.com before using.
  (3) The script can run in a 'write' mode and uses flags (--force, --trust) that apply changes; the script does not itself prompt for confirmation, so only invoke 'write' after you (or your agent platform) get explicit user consent.
  (4) Be cautious with any '--cloud' mode: it will send repo contents to cursor.com — do not use for sensitive/private repos unless you accept that.

If you need this skill, request that the publisher update the metadata to declare the 'agent' binary requirement and to mark the skill as non-autonomous (or ensure the platform enforces the SKILL.md consent rules) before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9777d1qvf986kq647m51pw2fh82emt4
363 downloads
0 stars
3 versions
Updated 5h ago
v1.0.2
MIT-0

Cursor Agent

Cursor Agent CLI runs on the user's Cursor subscription — zero API cost. Always prefer it over inline code generation for any non-trivial coding task.

Prerequisites

Required binary: agent (Cursor Agent CLI)

Install from the official site: https://cursor.com/docs/cli/overview — then verify with agent --version. The helper script (scripts/run.sh) will exit with an error if agent is not found in PATH.

User Consent Required — MANDATORY

This skill MUST NOT be invoked autonomously. Every invocation requires:

  1. State intent first — tell the user: the repo, the task, the model, and whether files will be changed
  2. Wait for explicit "yes" — do not proceed without clear user approval
  3. Default to read-only — use run.sh <repo> <task> <model> ask unless the user explicitly asks for changes
  4. Before writing files — run in ask mode first, show the user the plan, then ask: "Apply these changes?"
  5. Before --cloud — explicitly warn: "This will send repo contents to cursor.com. OK to proceed?"
  6. Before committing — show the diff and get confirmation

The helper script (scripts/run.sh) defaults to ask (read-only). Pass write as the mode argument only after the user has confirmed changes should be applied.

Model Routing

| Task type | Model flag | Mode flag |
|---|---|---|
| Trivial / exploratory | (omit — auto) | (omit) |
| Bug fix / feature / refactor | --model sonnet-4.6 | (omit) |
| Code review / explain (read-only) | --model sonnet-4.6 | --mode=ask |
| Architecture / design planning | --model opus-4.6-thinking | --mode=plan |
| Long background task | --model sonnet-4.6 | use --cloud instead of -p |

Headless Commands

Read-only first — always start with --mode=ask to review before applying changes:

cd <repo> && agent -p "<task>" --model sonnet-4.6 --mode=ask --output-format text --trust

Apply changes — only after user confirms the plan:

cd <repo> && agent -p "<task>" --model sonnet-4.6 --force --output-format text --trust

Cloud/background — warn user that repo data goes to cursor.com:

cd <repo> && agent -c "<task>" --model sonnet-4.6 --trust
# Monitor at: cursor.com/agents
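
The scan notes that run.sh trusts its caller to pass write only after confirmation. One way to enforce consent steps 4 and 5 inside the wrapper itself, as an added example that is not the skill's scripts/run.sh: the names gate, ask_user, run_agent and AGENT_BIN are hypothetical, and the agent flags are the ones shown in the commands above.

```shell
#!/bin/sh
# Added example, not the skill's scripts/run.sh. Function names and AGENT_BIN
# are hypothetical; the agent flags are the ones listed on this page.

# gate MODE ANSWER -> 0 proceed, 1 refused, 2 unknown mode.
gate() {
  case "$1" in
    ask|plan)    return 0 ;;              # read-only modes need no confirmation here
    write|cloud) [ "$2" = "yes" ] ;;      # only the literal word "yes" passes
    *)           return 2 ;;
  esac
}

# ask_user PROMPT -> prints the reply typed on the controlling terminal.
# Reading /dev/tty instead of stdin means piped or caller-supplied input
# cannot answer for the user; with no terminal the reply is empty.
ask_user() {
  reply=""
  { printf '%s [yes/no] ' "$1" > /dev/tty && read -r reply < /dev/tty; } 2>/dev/null || reply=""
  printf '%s\n' "$reply"
}

# run_agent REPO TASK MODEL [MODE] -> runs the CLI only if gate() allows it.
run_agent() {
  repo=$1 task=$2 model=$3 mode=${4:-ask} answer=""
  case "$mode" in
    write) answer=$(ask_user "Apply these changes in $repo?") ;;
    cloud) answer=$(ask_user "This will send repo contents to cursor.com. OK to proceed?") ;;
  esac
  gate "$mode" "$answer" || { echo "refused: mode=$mode" >&2; return 1; }
  case "$mode" in
    ask|plan) set -- -p "$task" --model "$model" "--mode=$mode" --output-format text --trust ;;
    write)    set -- -p "$task" --model "$model" --force --output-format text --trust ;;
    cloud)    set -- -c "$task" --model "$model" --trust ;;
  esac
  ( cd "$repo" && "${AGENT_BIN:-agent}" "$@" )
}
```

Because the confirmation is read from the terminal, a platform that invokes the skill autonomously gets an empty reply and the write and cloud modes are refused.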

Git Rule

Cursor sandbox blocks git commit. Always commit manually after Cursor edits:

cd <repo> && git add -A && git commit -m "<conventional commit message>" && git push

Show the diff to the user and confirm before committing if the change is large or touches sensitive areas.

Repos & Workdirs

  • Always cd to the correct repo before running
  • Check for .cursor/rules and AGENTS.md in the repo root — Cursor loads these automatically for project context

Context & Sessions

  • Add @<file> in prompt to include specific files in context
  • --continue or --resume to continue a previous session
  • agent ls to list previous sessions

Output Handling

  • --output-format text → clean final answer, summarise key changes to the user
  • --output-format json → structured, use for scripted parsing
  • Always report back: what changed, what was committed, any issues found

References

  • Model list & details: references/models.md
  • Slash commands (interactive mode): references/slash-commands.md
