Back to skill
Skillv1.1.0
VirusTotal security
Cursor Cloud Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:12 AM
- Hash
- 8941a8f0efd2e4cfe72796776cf308a02e991d0622889af97a6f5ae3a2eee4c6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cursor-cloud-agent Version: 1.1.0 The skill bundle provides a CLI for Cursor Cloud Agents but contains a security flaw and undocumented background behavior in `scripts/cursor_bga.py`. The script implements a 'background watcher' that spawns a detached process using `subprocess.Popen` with `sys.executable -c`, passing the Cursor API key as a literal string in the command-line arguments. This exposes the sensitive credential to any user on the system via the process list (e.g., `ps`). Furthermore, the script includes undocumented logic to automatically send task status and conversation summaries to Feishu via the `openclaw` CLI if specific environment variables are set. While these features appear intended for automation rather than theft, the credential exposure and lack of transparency regarding background activity are high-risk.
- External report
- View on VirusTotal