Cursor Dispatch

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Cursor CLI orchestration skill, but it gives agents broad authority to auto-edit code, create commits, run background jobs, and kill processes without clear user approval gates.

Install only if you intend to let an agent drive Cursor CLI coding workflows. Prefer plan or ask mode first, require a diff review before using `--yolo`, do not allow automatic git commits unless explicitly requested, and avoid the `pkill` cleanup command unless you have verified no unrelated Cursor Agent jobs are running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill goes beyond orchestration and explicitly instructs the downstream agent to modify code, run verification commands, and create git commits. That expands its effective capability from dispatch to repository mutation, which increases the chance of unintended code changes or history changes without clear user consent or manifest disclosure.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The prompt template directs automatic fixes followed by `git commit`, but the declared skill description focuses on orchestration and coordination. Hidden or under-declared commit behavior is risky because it can alter repository history and conceal the scope of actions users think they are authorizing.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documented `pkill -f "cursor agent -p"` is a broad process-wide kill that can terminate unrelated Cursor agent sessions, including other user work. In a shared or multi-task environment this can cause loss of work, interrupted operations, and hard-to-debug collateral damage.

Missing User Warnings

Medium
Confidence: 94%
Finding
The execute chain directs the agent to fix code and commit changes automatically after verification, but does not require an explicit warning or approval for modifying files or repository history. This is dangerous because autonomous write operations can introduce bad changes, overwrite user intent, or create misleading commit history.

VirusTotal

65/65 vendors flagged this skill as clean.
