Back to skill
Skillv3.0.2
VirusTotal security
Cursor IDE Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:34 AM
- Hash
- 926773b12f00761250b69b385a45c0ea88b2eb1b9d9a8d3d16c2434715a73308
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cursor-ide-agent Version: 3.0.2 The skill is classified as suspicious due to several high-risk capabilities and a significant supply chain vulnerability. The installation instructions in `SKILL.md` and `README.md` use `curl https://cursor.com/install -fsS | bash`, which executes arbitrary remote code and poses a substantial supply chain risk. Furthermore, the skill enables the OpenClaw agent to perform extensive file system operations (read, write, delete), Git actions (commit), and powerful debugging functions (evaluate, access variables) via the `vscode-node` protocol. While these are core functionalities for a coding agent, they provide ample opportunity for abuse through prompt injection, potentially leading to data exfiltration or unauthorized code modification if the agent is compromised.
- External report
- View on VirusTotal