cursor-agent-cli
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Cursor Agent CLI helper, but it exposes powerful coding-agent features such as code modification, auto-approval, cloud execution, credentials, and MCP access that users should enable carefully.
This skill appears benign and purpose-aligned for using Cursor Agent CLI. Before installing or invoking it, verify the Cursor installer source, avoid auto-approve/trust/sandbox-disabled modes unless you understand the workspace, protect API keys, and review all code changes before applying them.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user or agent runs these modes carelessly, Cursor Agent could change files or execute development commands without step-by-step approval.
The skill explicitly documents a coding agent that can modify code and an auto-approval mode. This is expected for the Cursor Agent CLI, but it is powerful if used on the wrong workspace or without review.
    | **Agent** | Full access - can modify code | Default |
    ...
    # Auto-approve all commands
    agent --force "build the feature"
    agent --yolo "build the feature"
Use plan/ask mode first, keep sandboxing enabled where possible, specify the intended workspace, and avoid --force/--yolo except in trusted, reviewable environments.
Running a remote installer gives the downloaded script local execution authority.
The install guidance runs a remote installer script directly in the shell. It is user-directed and aligned with installing Cursor, but remote installer pipelines should be trusted and verified.
    curl https://cursor.com/install -fsS | bash
    # Windows PowerShell
    irm 'https://cursor.com/install?win32=true' | iex
Install only from Cursor's official site/docs, inspect or verify the installer if possible, and avoid running the command from untrusted networks or copied sources.
Cursor credentials or API keys may grant account access and should be handled like secrets.
The skill documents Cursor authentication and API-key use. This is expected for the provider integration, and the artifacts do not show credential logging or unrelated transmission.
    export CURSOR_API_KEY="your-key"
    agent --api-key "your-key"
    ...
    # Login
    agent login
Prefer secure environment-variable or provider login flows, avoid sharing keys or putting them in shell history, and revoke any key that may have been exposed.
Future Cursor Agent sessions may reuse prior context, including code or prompts the user did not intend to carry forward.
The skill documents persistent Cursor sessions that can be resumed. This is a normal feature, but persisted coding context can include sensitive project details or stale instructions.
    Save important sessions (they auto-save)
    ...
    agent resume
    agent --continue
Resume only the intended session, avoid entering secrets, and clear/logout from sessions when working on sensitive projects.
Unreviewed MCP servers could expose additional tools or data to the coding agent.
The skill documents MCP server management and an auto-approve option. MCP integrations are expected in agent tooling, but auto-approval can reduce review of external tool/context boundaries.
    ## MCP (Model Context Protocol) Management
    agent mcp
    # Auto-approve MCP servers
    agent --approve-mcps
Only approve MCP servers you recognize, avoid auto-approval in untrusted workspaces, and review each server's permissions and data access.
A background agent could make or propose code changes while the user is not actively watching.
The skill documents cloud/background execution. This is disclosed and purpose-aligned, but it can continue work outside an interactive local session.
    ## Cloud Agent (Background Execution)
    Run tasks in the cloud while you're away:
    agent -c "refactor the auth module and add comprehensive tests"
Use cloud mode only for well-scoped tasks, prefer branches or worktrees, and review all generated changes before merging or deploying.
