Skillv1.1.0

ClawScan security

Cursor CLI Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 4, 2026, 6:18 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions, requirements, and absence of installs are consistent with a helper that delegates coding tasks to the Cursor CLI; nothing requests unrelated credentials or downloads arbitrary code.
Guidance: This skill is coherent for delegating coding tasks to a Cursor `agent` CLI, but exercise caution before using it on real repos: (1) Verify the `agent` CLI binary you have is the expected Cursor tool from a trusted source. (2) Prefer running the skill in isolated temporary directories or git worktrees (as the SKILL.md recommends), not in important project directories. (3) Avoid using `--yolo`/`--trust` unless you understand and accept fully automated changes and autopushes. (4) Be aware the workflow will use your git/gh authentication (SSH keys or gh auth) to push branches/PRs — do not run it where those credentials grant access you don't want automated. If you need higher assurance, test on a throwaway repo first.

Purpose & Capability: okName/description match the instructions: the skill is an instruction-only wrapper for the Cursor `agent` CLI. The declared required binary (agent) is appropriate for the stated purpose.
Instruction Scope: noteSKILL.md stays focused on launching the Cursor `agent` CLI (workdir, PTY, background sessions, modes). It includes steps that run git/gh and push branches/PRs, and it instructs use of aggressive flags like `--yolo`/`--trust` which auto-approve operations; these are expected for an automation helper but are potentially dangerous if used on sensitive repositories. The doc warns to spawn reviews in temp dirs and not to operate in the ~/clawd workspace (good).
Install Mechanism: okInstruction-only skill with no install spec and no archive downloads. Nothing is written to disk by the skill itself; install risk is low.
Credentials: noteThe skill declares no required env vars and does not request secrets. However, the instructions assume availability of git/gh and network push access (SSH keys or gh auth) and will perform network operations (clone, push, create PRs) when used. This is consistent with its purpose but users must be aware that repository credentials or authenticated CLI state are required by the workflow.
Persistence & Privilege: okalways:false and no persistent installs. Autonomous invocation is allowed by platform default; nothing in the skill elevates privileges or attempts to persist beyond normal agent activity.