Cursor CLI Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Cursor CLI guide, but it includes under-scoped automation that can install remote code, auto-apply edits, and automatically trust a workspace.

Install only if you are comfortable with Cursor CLI having broad access to the repository where you run it. Prefer a verifiable installer or package-manager install, avoid `--force` unless you have reviewed the target repo and can revert changes, and do not automate the workspace-trust prompt for untrusted or newly downloaded projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The README instructs users to execute a remote installer by piping downloaded content directly into bash, which bypasses inspection and trusts the remote server, transport path, and any compromise of the hosting endpoint. In a developer-facing skill, this is especially risky because users may copy-paste the command verbatim, enabling arbitrary code execution if the script is altered or intercepted.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The skill documents `--force` as a way to auto-apply changes without any caution that it can modify code non-interactively. In a CI or agent context, this increases the chance of unintended or unsafe edits being applied at scale without review, which is a meaningful security and integrity risk even if the author likely intended convenience.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The tmux automation guide instructs sending `a` to trust the workspace automatically, bypassing an important trust decision that can affect what code, config, and tooling the agent will execute or honor. In an automated setting, this can cause untrusted repositories to be treated as safe, increasing the risk of malicious project instructions, scripts, or configuration being acted upon.

VirusTotal

64/64 vendors flagged this skill as clean.
