OpenClaw Cursor Agent

Warn

Audited by ClawScan on May 18, 2026.

Overview

The core Cursor/tmux task manager is understandable, but the package also includes high-risk setup guidance that can restore unknown OpenClaw agents/configuration and expose local services.

Only install this if you intentionally want OpenClaw to launch persistent Cursor CLI coding sessions. Configure project paths narrowly, monitor and kill sessions when finished, and do not follow the unrelated backup-restore or public-gateway setup instructions unless you have independently audited them.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can start local processes that may read or modify files in configured project directories.

Why it was flagged

The plugin directly launches configured shell/WSL processes to run toolkit scripts. This is central to the stated Cursor/tmux purpose, but it gives the skill local command execution authority.

Skill content

import { spawn } from "node:child_process"; ... const child = spawn(shellExecutable, args, {

Recommendation

Use it only with trusted projects and review the configured toolkitRoot, defaultProjectPath, and shell settings before enabling.

What this means

A Cursor task may keep running in the background and continue changing files until it finishes or is stopped.

Why it was flagged

The skill intentionally creates persistent background coding sessions. This is disclosed and includes a kill tool, but users should understand that work may continue after the chat response.

Skill content

Manage long-running Cursor CLI coding tasks ... backed by tmux sessions ... `cursor_agent_spawn_task` | Start a background Cursor coding task ... `cursor_agent_kill_session` | End the task

Recommendation

Monitor sessions with the status/list tools and stop unneeded sessions promptly.

What this means

The background Cursor agent may use your existing Cursor account/session while performing coding tasks.

Why it was flagged

The skill expects a locally authenticated Cursor CLI. The artifacts do not show token theft or logging, but the spawned agent will operate with that account's privileges.

Skill content

Cursor CLI (`agent`) with valid login

Recommendation

Use a dedicated or least-privileged account where possible and avoid running it in directories containing unrelated secrets.

What this means

Following that guide could install unknown OpenClaw configuration, agents, extensions, and scheduled tasks into the user's environment.

Why it was flagged

A bundled guide instructs users to download an external backup and run an unreviewed restore script that copies broad OpenClaw state, including agents, extensions, autoskills, cron jobs, and sessions. This is not necessary for the Cursor/tmux skill and could replace or add agent behavior outside the stated purpose.

Skill content

curl -L -o xiaoxia-full-backup.tar.gz ... https://github.com/zhangzeyu99-web/xiaoxia-memory/... ; ./restore.sh ... openclaw.json, workspace, agents, extensions, autoskill, sessions, cron.json, nodes

Recommendation

Do not run the backup restore steps unless the backup and restore script are separately audited and intentionally needed; the publisher should remove or isolate this unrelated guide from the skill package.

What this means

If followed, local OpenClaw/Feishu traffic could be exposed beyond the local machine or trusted network.

Why it was flagged

The bundled local setup guide suggests exposing the OpenClaw gateway on all interfaces and configuring Feishu webhooks over HTTP/public or tunnel addresses. This is unrelated to the Cursor task manager and creates unclear data and access boundaries.

Skill content

"bind": "0.0.0.0" ... http://你的IP:18789/webhook/feishu

Recommendation

Keep gateway access restricted, use authenticated/TLS-protected endpoints, and avoid applying unrelated public webhook setup instructions from this skill package.