Cursor Cloud Agents
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Cursor API wrapper, but users should notice that it uses a Cursor API key to launch cloud coding agents on GitHub repos and stores some local cache/task data unencrypted.
Install only if you want OpenClaw to dispatch work to Cursor Cloud Agents using your Cursor account. Confirm the Cursor API key and GitHub App permissions are appropriate, launch agents only on intended repositories, review generated pull requests before merging, and clear or protect the local cache on shared systems.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill should understand that it can act through their Cursor subscription and whatever GitHub repositories Cursor can access.
The skill uses a Cursor API key and can read it from multiple local configuration files. This is disclosed and fits the Cursor integration, but it gives the skill delegated access to the user's Cursor account.
The skill automatically discovers your Cursor API key from these locations (in order): ... CURSOR_API_KEY ... ~/.openclaw/.env ... .env ... ~/.cursor/config.json
Use a dedicated Cursor API key where possible, keep env/config files permission-restricted, and review Cursor GitHub App repository permissions.
A launched agent may create code changes and pull requests in repositories that your Cursor account can access.
The skill can launch cloud agents against GitHub repositories and appears to support automatic PR creation. This is central to the stated purpose, but it is a high-impact action that should remain user-directed.
Launch an agent ... cursor-api.sh launch --repo owner/repo --prompt "Add tests for auth module" ... --no-pr - Don't auto-create PR
Launch agents only on intended repositories, use clear prompts, consider --no-pr when you want manual control, and review all generated PRs before merging.
Background agents may continue consuming Cursor quota and working on a repo until they finish, are stopped, or hit the configured runtime limit.
The skill supports long-running background tasks, including a user-selected unlimited runtime. This is disclosed and optional, but it means work may continue after the initial command.
--background - Run agent in background mode ... Default is 24 hours ... Unlimited runtime (not recommended) ... --max-runtime 0
Use background mode only when needed, avoid unlimited runtime, and monitor tasks with bg-list/bg-status.
Other local processes or users with access to your account files may be able to read cached agent responses or task metadata.
The skill persists API/cache data locally without encryption. This is disclosed and related to performance/background task tracking, but cached responses or prompts may contain sensitive repository or account information.
Cache at ~/.cache/cursor-api/ is unencrypted.
Avoid using this on shared machines unless home-directory permissions are restricted, and clear the cache periodically with clear-cache.
The install page may not fully preview the credential and binary requirements even though the bundled documentation does.
Registry metadata says no env vars or primary credential are required, while SKILL.md and skill.json declare CURSOR_API_KEY and shell tool requirements. This looks like metadata under-declaration rather than hidden behavior, because the skill documentation discloses the credential use.
Required env vars: none ... Primary credential: none
Review SKILL.md/skill.json before use and ensure bash, curl, jq, base64, and CURSOR_API_KEY are intentionally configured.