← Back to Skills Marketplace
brucezhu888

Use Cursor

by brucezhu888 · GitHub ↗ · v1.0.11 · MIT-0
cross-platform ⚠ suspicious
124
Downloads
0
Stars
0
Active Installs
12
Versions
Install in OpenClaw
/install use-cursor
Description
Manage Cursor CLI tasks via tmux with security hardening
Usage Guidance
This skill appears to do exactly what it claims: run Cursor CLI inside tmux sessions and return output. Before installing or using it, consider: 1) Run it first in isolated mode (spawn-isolated or inside a container) to avoid leaking environment variables or workspace secrets. 2) Review the included scripts (scripts/*.sh) yourself — the skill intentionally executes shell commands and uses tmux send-keys, which can execute input if a shell is active in the pane. 3) Don't run untrusted task strings on production machines with high-value secrets; use the provided isolation/container guidance. 4) Understand that redaction is pattern-based and may not catch every secret — if you have unusual credential formats, test outputs in a safe environment. If you need to be extra cautious, require manual approval before the skill invokes tools or runs tasks.
Capability Analysis
Type: OpenClaw Skill Name: use-cursor Version: 1.0.11 The skill provides tools to manage the Cursor CLI via tmux, which involves high-risk behaviors like shell execution (child_process.exec) and sending keys to terminal sessions. While the author has implemented significant security hardening—including a custom shell escaping function that strips control characters (index.js), the use of tmux literal mode (-l flag) in all scripts (spawn.sh, send.sh), and automated redaction of emails and API keys—the inherent risk of shell injection and the ability to capture workspace data from tmux panes requires a cautious classification for manual review.
Capability Assessment
Purpose & Capability
Name/description (manage Cursor CLI via tmux) match the code and scripts included: scripts call tmux and agent/cursor-agent, manifest/package.json list tmux and CURSOR_API_KEY, and SKILL.md documents the same. There are no unrelated cloud credentials, exotic binaries, or surprising permissions requested.
Instruction Scope
Instructions and SKILL.md stay within the stated purpose: they read ~/.cursor/cli-config.json for auth checks, capture tmux pane output to return task results, and call local scripts to run Cursor CLI inside tmux. The skill explicitly documents the primary risk (sending text to a shell via tmux send-keys). Mitigations are present (newline/control-char sanitization, tmux -l literal mode, isolated mode using env -i, output redaction), but residual risks remain: captured pane output may contain secrets and redaction is pattern-based (may miss unusual tokens), and exec inherits the Node process environment unless isolated mode is used.
Install Mechanism
No install spec is provided for downloading arbitrary code; the skill ships scripts and JS in the package (no automatic remote-download at install). SKILL.md suggests user-run installers for Cursor CLI (curl https://cursor.com/install) with explicit advice to review them first — acceptable but user-facing external installer steps are required for Cursor CLI itself, not for the skill.
Credentials
Declared env usage is proportional: CURSOR_API_KEY is optional and used for authentication. The manifest documents only CURSOR_API_KEY and CURSOR_NO_ANALYTICS. However, execScript passes the current process.env to child processes by default (except in spawn-isolated.sh which uses env -i) — so running in standard mode can expose any environment variables present in the agent runtime to the Cursor CLI subprocess. The skill documents this and provides isolated/container modes to reduce exposure.
Persistence & Privilege
The skill is user-invocable (always: false) and does not request permanent/autonomous inclusion. Declared filesystem access is limited to reading ~/.cursor/cli-config.json (intentional and documented). It does not modify other skills or system-wide agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install use-cursor
  3. After installation, invoke the skill by name or use /use-cursor
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.11
No user-facing changes in functionality or documentation; only metadata changed (version and YAML headers). - Updated SKILL.md with structured YAML frontmatter for name, version, description, and requirements. - No changes to code, features, documentation, or usage instructions. - No impact to users or workflows.
v1.0.10
No file changes detected for version 1.0.10. - No updates or modifications since the previous version. - All documentation, features, and behavior remain unchanged.
v1.0.9
No changes detected in this version. - No file or documentation changes in version 1.0.9. - Functionality and interface remain unchanged.
v1.0.8
No file changes detected in this release. - Documentation was re-saved with no substantive updates. - No new features, fixes, or security changes included. - Behavior and interfaces remain unchanged.
v1.0.7
No user-facing changes in this version. - Version bump to 1.0.7 with no modifications to source or documentation.
v1.0.6
No changes were detected in this version. - No file modifications were made. - Documentation and functionality remain unchanged from the previous release.
v1.0.5
- No file changes detected in this version. - Documentation and user instructions remain unchanged. - No new features, fixes, or updates in this release.
v1.0.4
- Removed sample test file `audit-test.js` from the repository. - Updated security documentation in SKILL.md to clarify shell argument escaping now uses single-quote method and tmux send-keys literal mode for improved protection. - Added a note in SKILL.md about isolated execution mode using a minimal environment for extra security. - No user-facing functionality changes.
v1.0.3
- Added .clawignore file to specify files to exclude from packaging or deployment. - Added audit-test.js to provide audit or test coverage for the skill.
v1.0.2
## use-cursor v1.0.2 Changelog - Added `manifest.json` for clearer skill metadata and permissions declaration. - Introduced `scripts/spawn-isolated.sh` providing a more isolated task execution mode for improved security. - Security section in documentation expanded with detailed risk analysis and best practices for tmux pane safety. - New tool: `use_cursor_spawn_isolated` enables safe background task runs with a minimal environment. - Clarified environments and use cases for both standard and isolated execution modes in docs.
v1.0.1
**Added security and documentation files for improved transparency and user guidance.** - Added a detailed SECURITY.md outlining data access, privacy, and protection practices. - Introduced a comprehensive README.md explaining installation, usage, and troubleshooting. - Updated SKILL.md to include security notes and FAQs for greater user clarity. - No changes to core skill logic or functionality.
v1.0.0
Initial release: Use Cursor skill integrates OpenClaw with Cursor CLI for advanced software engineering automation. - Enables OpenClaw to control Cursor CLI for interactive, background, and CI/CD tasks using dedicated tools. - Provides robust background task management with tmux, supporting start, check, send instructions, kill, and list operations. - Includes installation guides, troubleshooting steps, and best practices for efficient task execution. - Offers detailed command references, workflows for code review/refactoring, and integration advice. - Documentation covers resource management, usage scenarios, and environment diagnostics.
Metadata
Slug use-cursor
Version 1.0.11
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 12
Frequently Asked Questions

What is Use Cursor?

Manage Cursor CLI tasks via tmux with security hardening. It is an AI Agent Skill for Claude Code / OpenClaw, with 124 downloads so far.

How do I install Use Cursor?

Run "/install use-cursor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Use Cursor free?

Yes, Use Cursor is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Use Cursor support?

Use Cursor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Use Cursor?

It is built and maintained by brucezhu888 (@brucezhu888); the current version is v1.0.11.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments