OpenClaw Cursor Agent
Manage long-running Cursor CLI coding tasks through OpenClaw tools backed by tmux sessions. Use when the user asks to start a persistent coding job, inspect...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 107 · 0 current installs · 0 all-time installs
byEvenstar@zhangzeyu99-web
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The plugin, JS entrypoint, and the included shell scripts are coherent with the described purpose: they spawn tmux sessions, run Cursor CLI, track status files, send commands, and kill sessions. However, the package metadata claims "Required binaries: none" whereas the runtime scripts and docs clearly require bash, tmux, python3, and the Cursor CLI (agent/cursor-agent). That metadata omission is an incoherence and could mislead users about runtime requirements.
Instruction Scope
SKILL.md and the included scripts instruct the agent to run local shell scripts that create task/runner/log/status files and execute Cursor CLI in project directories. Those scripts will run commands in user-specified project paths and can modify the project (git operations are part of recommended tasks). The Node extension spawns child processes with env: process.env (it forwards the entire environment) so any environment variables available to the agent are also visible to the scripts/child processes. The docs also include a restore script and backup download steps that would copy many files into ~/.openclaw if followed — a potentially destructive operation if executed without review.
Install Mechanism
There is no external install spec (no arbitrary download/extract). The skill is instruction/code-only and includes local scripts and a Node entrypoint. No third-party URL downloads or installation of remote archives are present in the plugin files themselves (the docs show curl usage for installing Node/Cursor or downloading backups, which are standard but require user discretion).
Credentials
The skill declares no required environment variables or primary credentials, which superficially looks safe. In practice the Node code launches shell scripts with env: process.env (inheriting the agent process environment) and the scripts run external tools and may operate in arbitrary project directories. That means secrets present in the agent environment (AWS keys, tokens, etc.) could be visible to child processes or to any code the Cursor agent executes. Also the skill expects configuration (toolkitRoot) but that is not declared in the top-level 'required' metadata, increasing the chance of misconfiguration.
Persistence & Privilege
always is false. The skill writes state, task and log files under the configured toolkitRoot/status, tasks, and logs directories (normal for this functionality). It does not request to modify other skills or global agent settings. Nevertheless, scripts and the Cursor agent will be capable of making changes in target project directories (including git commits/pushes) — this is expected for a background coding agent but is a high-impact capability that users must accept explicitly.
What to consider before installing
What to check before installing:
- Understand the power: this skill runs shell scripts and the Cursor CLI in your filesystem and can modify project directories (it may run git commands, create files, push changes if instructed). Only install if you trust the code and intended tasks.
- Metadata mismatch: the package metadata claims no required binaries, but runtime scripts require bash, tmux, python3, and the Cursor CLI (agent). Expect to install/configure these first.
- Environment leakage: the Node extension launches scripts with the full process environment (process.env). Remove secrets from the agent environment or run the plugin under a separate, limited account/environment if you want to reduce risk.
- Inspect toolkitRoot: the plugin requires a toolkitRoot pointing at the included cursor-agent-system. Make sure it points to the copy you reviewed. Don’t point toolkitRoot to an existing system path you don’t control.
- Review restore/backup steps: documentation contains commands that copy backups into ~/.openclaw and download archives — do not run those blindly; review restore.sh and any backup contents before executing.
- Run doctor and tests in an isolated environment: before trusting it with real projects, configure toolkitRoot in a sandbox directory, run openclaw cursor-agent-doctor, and perform the minimal smoke tests described in the docs.
- If you need stronger guarantees: run the plugin inside a VM/isolated container or under a user with limited privileges, and avoid exposing sensitive env vars to the OpenClaw process.extensions/openclaw-cursor-agent/index.js:175
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download zipagentbackground-taskcursorlatestopenclawtmux
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
OpenClaw Cursor Agent
让 OpenClaw 把长时间编码任务交给 Cursor CLI 在 tmux 里持久运行。
架构
用户(飞书/聊天) → OpenClaw Agent → 插件 → WSL → tmux → Cursor CLI Agent
可用工具
| 工具 | 说明 |
|---|---|
cursor_agent_spawn_task | 启动后台 Cursor 编码任务 |
cursor_agent_list_tasks | 列出所有任务 |
cursor_agent_check_status | 查询任务状态和进度 |
cursor_agent_send_command | 向任务发送补充指令 |
cursor_agent_kill_session | 结束任务 |
cursor_agent_doctor | 诊断环境和依赖 |
工作流程
- 环境不确定时先
cursor_agent_doctor检查 cursor_agent_spawn_task启动后台任务cursor_agent_check_status或cursor_agent_list_tasks监控进度cursor_agent_send_command发送补充指令(/pause、/resume、/status、或自然语言)cursor_agent_kill_session结束任务
自然语言映射
| 用户说 | 调用工具 |
|---|---|
| 帮我用 Cursor 在后台做一个任务:… | cursor_agent_spawn_task |
| 看看刚才那个任务做到哪了 | cursor_agent_check_status |
| 告诉刚才那个任务:改成 RS256 | cursor_agent_send_command |
| 把刚才那个 Cursor 任务停掉 | cursor_agent_kill_session |
| 列出所有后台任务 | cursor_agent_list_tasks |
| 检查 Cursor 环境是否正常 | cursor_agent_doctor |
输出规范
- spawn 后告知会话名和任务 ID
- 查状态时报告当前步骤、进度百分比、tmux 是否存活
- 环境缺依赖时明确指出缺少什么(tmux / python3 / agent / WSL)
参考文件
Files
26 totalSelect a file
Select a file to preview.
Comments
Loading comments…