Skill v3.0.2

ClawScan security

Cursor IDE Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 26, 2026, 7:05 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose (wrapping the Cursor CLI/Node flows) matches its instructions, but metadata mismatches and the SKILL.md's recommendation to run a remote install script (curl | bash) — together with mixed authorship/version info — are inconsistent and worth caution.
Guidance
This skill largely does what it says: it's a wrapper/guide for using the Cursor CLI and Node-based remote IDE. However: (1) metadata mismatches (different owner names and version numbers across registry info, README, and _meta.json) reduce confidence in provenance — prefer skills whose metadata and source are consistent and verifiable; (2) SKILL.md recommends running curl https://cursor.com/install | bash — do not run remote install scripts blindly. If you need the CLI, prefer a package-manager install (Homebrew, distribution package) or fetch the install script and inspect it before executing; (3) the agent/workflows read project files (e.g., .cursor/rules, AGENTS.md, mcp.json, any file referenced with @filename). Only grant workspace access to code/projects you trust; avoid pointing the agent at sensitive system paths; (4) confirm the cursor.com domain and verify authenticity of the installer and binary versions (agent vs cursor-agent) before installing; (5) because this is instruction-only, there is no bundled code to audit — treat the instructions as the security surface and verify any external binaries and network endpoints the skill recommends.
Findings
[no_code_files_to_scan] expected: The static scanner had no code files to analyze because this is an instruction-only skill (SKILL.md and README only). Absence of findings is not evidence of safety; review the instructions carefully (they include a remote install command).

Review Dimensions

Purpose & Capability
note
Name, description, and required binaries (agent or cursor-agent) align with a Cursor CLI/Node integration. The instructions focus on CLI and Node workflows expected for an IDE agent. However, repository metadata (_meta.json owner, README author links, and published version) do not consistently match the registry metadata (owner ID and version 3.0.2), which is an inconsistency in provenance.
Instruction Scope
concern
SKILL.md instructs the user to install and invoke the Cursor CLI and describes reading project-level files (.cursor/rules, AGENTS.md, CLAUDE.md, mcp.json) and using @filename to include context. These are coherent for a code agent, but the instructions also include running an external installer via curl https://cursor.com/install | bash and recommend running the interactive TUI via a PTY. The curl|bash pattern and the ability to include arbitrary files from the workspace increase risk if users or agents run commands without inspection.
Install Mechanism
concern
There is no automated install spec in the package (instruction-only), but SKILL.md explicitly tells users to run curl https://cursor.com/install -fsS | bash. Executing remote install scripts piped to a shell is higher risk even when hosted on a well-known domain; the guidance should advise inspecting the script or using a package manager/Homebrew alternative. The README also lists a Homebrew install path, which is lower risk, but the primary example is the curl|bash flow.
Credentials
ok
The skill declares no required environment variables, no credentials, and no required config paths. The files and project-level paths the skill references (workspace files, .cursor rules) are proportional to a coding assistant. No unrelated secrets or cloud credentials are requested.
Persistence & Privilege
ok
always:false and default invocation behavior is normal. The skill does not request to modify other skills or system-wide configuration. It documents reading project workspace files and interacting with Cursor cloud endpoints when the user opts in, which is expected for this functionality.