ClawHub

Cursor Rules

v1.0.0

Cursor IDE 规则配置专家,精通 .cursorrules、MDC 规则、Agent 模式、MCP 集成

0· 271·1 current·1 all-time
by@zhangifonly
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Cursor rules, Agent mode, MCP integration) align with the SKILL.md content. The document only describes IDE features, rule file formats, shortcuts, and MCP integration — nothing asks for unrelated credentials, binaries, or system access beyond what Cursor Agent modes normally use.
Instruction Scope
The instructions describe Agent mode capabilities (create/edit files, run terminal commands, read error output) and explicitly mention a 'yolo' auto-execute mode. This is coherent for a Cursor agent helper, but it grants broad action capability when enabled — the skill itself doesn't include commands to exfiltrate data, but following its guidance could lead to agents executing filesystem or shell actions if the user enables those modes.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes disk-write/network install risk.
Credentials
The skill declares no required environment variables. However, the MCP integration example includes an inline example with an env field containing a GitHub token ("GITHUB_TOKEN": "ghp_xxx"). That's an example only, but it could encourage storing tokens in plaintext config. MCP servers can grant broad access (filesystem, DBs, APIs) so any real integration will require careful credential management.
Persistence & Privilege
always is false and there are no install actions that modify other skills. The skill allows autonomous invocation (platform default) and recommends Agent/yolo modes; this is expected for Cursor-related guidance but increases the importance of user-side controls (approve diffs, limit auto-execute).
Assessment
This is a documentation-style skill for Cursor IDE rules and Agent/MCP usage and is internally consistent. Before using it: (1) do NOT enable any 'yolo' or fully automatic execution mode unless you trust the agent and have tested on disposable projects; (2) do not store real tokens (e.g., GitHub personal access tokens) in plaintext repository config — use environment management or secrets with least privilege; (3) when integrating MCP servers, limit the scopes and provenance of any servers you run and validate commands they will execute; (4) always review diffs and terminal actions suggested by the agent before accepting; (5) if you need to grant a token for MCP, create a token with minimal scopes and consider using per-project short-lived credentials. These steps mitigate the primary operational risks described in the SKILL.md.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ebachvdbqnjmd4yf9swcgf1831s6g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments