Back to skill
Skillv1.3.3
VirusTotal security
Cursor Cloud Agents · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Apr 29, 2026, 3:50 AM
- Hash
- e60e985ab8f792792f860ed1948ad37e5178928b9f923e65a90ffe36a17bac64
- Source
- palm
- Code Insight
- Type: OpenClaw Skill Name: cursor-cloud-agents Version: 1.3.3 The skill is classified as **benign**. The `cursor-api.sh` script, which is the core of this skill, is a well-structured shell script designed to interact with the Cursor Cloud Agents API. It demonstrates strong security practices, including explicit input sanitization for agent IDs and repository names (`sanitize_id`, `sanitize_repo`) to prevent command injection, and uses `mktemp` for safe temporary file handling. The `SKILL.md` and `README.md` provide clear instructions for users and do not contain any prompt injection attempts against the OpenClaw agent itself. The use of `base64` in `get_auth_header()` is for standard HTTP Basic Authentication, not obfuscation, and is explicitly explained in `SECURITY.md`, which also transparently addresses known limitations like unencrypted cache files and API key presence in the environment. There is no evidence of intentional harmful behavior such as data exfiltration to unauthorized endpoints, unauthorized persistence, or execution of remote malicious payloads.
- External report
- View on VirusTotal