ClawHub

Cursor IDE Agent

Security checks across malware telemetry and agentic risk

Overview

This is a real Cursor coding-agent skill, but it needs Review because it encourages powerful unattended code and IDE actions without enough safety and privacy guardrails.

Install only if you intend to let Cursor Agent operate on your repositories. Prefer ask or plan mode first, use trusted installation methods, keep work on a branch, review repository instruction files and MCP config, inspect diffs before commits, and avoid `--force`, sandbox disabling, background runs, or cloud handoff unless you explicitly want that level of unattended authority and data sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The skill's security section claims that both paths provide 'no raw shell access by default,' but the CLI path explicitly instructs users to launch a terminal-based agent through PTY/background execution and to use forceful automation modes. This misleading assurance can cause operators to underestimate the execution and persistence capabilities of the tool, increasing the chance of unsafe use in sensitive environments.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation promotes `--force` as 'auto-apply changes, no confirmation' without warning that it can make broad unattended code modifications. In a skill that is meant to drive coding agents, this meaningfully raises the risk of destructive edits, hidden dependency changes, or unsafe patches being applied without human review.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The cloud handoff examples encourage sending coding tasks to Cursor's remote service but do not warn that prompts, code context, or metadata may leave the local machine. For development environments containing proprietary code, secrets, or regulated data, this omission can lead to inadvertent data exposure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documents `agent --sandbox disabled` and interactive sandbox changes without clearly warning that disabling sandboxing reduces containment for file system, command, and possibly network actions. Given this skill's purpose of driving an autonomous coding agent, reduced isolation materially increases the impact of prompt mistakes or malicious repository content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal