Cursor Agent for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed wrapper for Cursor Agent that can edit code or send repo contents to Cursor when approved, but its behavior matches its stated purpose.

Install this only if you want OpenClaw to use Cursor Agent for coding work. Confirm each run, start in ask or plan mode, review diffs before write mode or git push, and avoid cloud/background mode for private repositories unless sending code to Cursor is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The skill states that every invocation requires explicit user approval and should default to read-only, but it also instructs operators to always prefer this tool for non-trivial coding tasks and later presents direct execution patterns that can be used for write or cloud modes. That inconsistency can cause an agent or operator to skip the intended consent gate, increasing the chance of unauthorized code modification or external data exposure.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The document says commits must be manual because the Cursor sandbox blocks `git commit`, yet the example immediately performs `git commit` and `git push`. This contradiction can mislead an agent into executing repository-changing actions without the separate review and confirmation step the policy claims to require.

Vague Triggers

Medium
Confidence: 84%
Finding
The activation criteria are broad, including nearly any substantial file-editing task and cases where code work would otherwise be done inline. Overbroad routing increases the likelihood the skill is invoked in situations where user intent, repository sensitivity, or safer inline handling has not been adequately validated.

VirusTotal

66/66 vendors flagged this skill as clean.
