Skill v1.3.3

ClawScan security

Cursor Cloud Agents · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 14, 2026, 3:42 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code, declared requirements, and runtime instructions are internally consistent for a Cursor Cloud Agents API wrapper, but you should verify provenance and be mindful of local API-key and cache handling before installing.
Guidance
What to check before installing:
- Verify origin: the package lists an author but has no homepage; prefer installing skills from known/trusted sources or inspect the repository history. If provenance matters, ask the publisher for a canonical repo or GPG-signed release.
- Inspect scripts: review scripts/cursor-api.sh and cca-aliases.sh before running. They are the entry points and will be executed locally.
- Protect your API key: this skill reads CURSOR_API_KEY from multiple local files (~/.openclaw/.env, ~/.openclaw/.env.local, .env, ~/.cursor/config.json) and uses it to call api.cursor.com. Store the key with strict permissions (chmod 600), consider using a key with least privilege, and rotate it if you stop using the skill.
- Cache is unencrypted: cached responses and background-task metadata are stored under ~/.cache/cursor-api/. Avoid using on multi-user systems or ensure appropriate directory permissions (700). Clear the cache with 'cursor-api.sh clear-cache' when needed.
- Review API_BASE override: the scripts allow CURSOR_API_BASE override for testing; verify it isn't pointed to an unexpected endpoint before use.
- Run validation/tests locally: run ./validate.sh and tests/run-tests.sh (integration tests require a real API key) to confirm behavior in your environment.
- Shell rc sourcing: the cca aliases file suggests sourcing into your shell rc; only do this if you trust the installation path (sourcing a script can run arbitrary code each shell startup if the path changes).
- If you need higher assurance: request a reputable upstream repository URL or checksum, run the scripts in a sandboxed environment first, and limit cursor API key permissions to the minimal repos needed.

Review Dimensions

Purpose & Capability
ok: The skill claims to wrap Cursor Cloud Agents and requires a CURSOR_API_KEY, curl/jq/base64/bash, and reads/writes a local cache — these are all expected for an HTTP API wrapper that launches agents on GitHub repos.
Instruction Scope
ok: SKILL.md and scripts limit behavior to contacting api.cursor.com, managing agents, and storing state in ~/.cache/cursor-api/ and background-task files. The only file reads are for API key discovery (~/.openclaw/.env, ~/.openclaw/.env.local, .env, ~/.cursor/config.json) which are reasonable for credential discovery. The skill documents its unencrypted cache and other security tradeoffs.
Install Mechanism
ok: No install spec (instruction-only plus included shell scripts). No remote downloads or archive extraction. The runtime is purely shell scripts included in the package — lower install risk. Still verify the script contents before running because they will execute locally.
Credentials
note: Only CURSOR_API_KEY is required, which matches the claimed purpose. Note: the skill will search multiple local locations for the key and will place unencrypted cache files under ~/.cache/cursor-api/. The API key will also appear in the process environment when used; the SECURITY.md acknowledges these exposures as limitations.
Persistence & Privilege
ok: always:false and standard autonomous invocation default. The skill writes its own cache and background-task JSON files under the user's cache directory but does not request system-wide privileges or modify other skills' configs.