Cursor CLI Headless
Pending
Static analysis audit pending.
Overview
No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A delegated Cursor run may change files in the selected project automatically.
The wrapper enables Cursor CLI's force mode by default, allowing the headless agent to modify files without an interactive review step.
`FORCE=true` ... `[[ "$FORCE" == true ]] && CMD+=(--force)`
Use --no-force for review-only runs, choose the working directory carefully, and run from a version-controlled workspace so changes can be inspected or reverted.
Runs will consume and act under the user's Cursor account or API key.
The skill requires Cursor account authentication, which is expected for Cursor CLI usage, but gives the invoked CLI access under the user's Cursor identity.
Set `CURSOR_API_KEY` in the environment for scripts, or run `agent login` interactively once.
Use an appropriate Cursor account or scoped key where available, avoid exposing credentials in shared shells/logs, and confirm you trust the Cursor CLI installation.
If the remote installer or network path were compromised, the install command could run unwanted code locally.
The documented install path pipes a remote installer directly into a shell. This is disclosed and points to Cursor's domain, but it still requires trusting the downloaded installer.
install: `curl https://cursor.com/install -fsS | bash`
Prefer official Cursor installation instructions, verify the URL, and inspect installer contents first if operating in a sensitive environment.
Sensitive code, prompts, paths, or generated file text may be visible wherever stdout is stored or forwarded.
The documented stream-json output can include retrieved file contents and tool-call details. The wrapper streams raw NDJSON to stdout, so project content may appear in logs or downstream consumers.
tool_call.readToolCall.result.success → `{ "content": "...", "isEmpty": false, ... }`
Do not pipe default streamed output to shared logs for sensitive repositories; consider --no-stream with text/json output when less verbose output is sufficient.
