← 返回 Skills 市场
133
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install cursor2api
功能描述
Manage and deploy cursor2api to convert Cursor IDE AI conversations into Anthropic/OpenAI API formats, including token refresh and uninstallation.
使用说明 (SKILL.md)
cursor2api
cursor2api bridges Cursor IDE's AI models with OpenClaw/Claude Code by converting Cursor's internal API into standard Anthropic/OpenAI formats.
Architecture:
OpenClaw / Claude Code
↓ (ANTHROPIC_BASE_URL)
cursor2api Docker/Node (:3010)
↓ (Session Token)
Cursor Official API
Prerequisites
- Docker (for containerized deployment) or Node.js 18+ (for local)
- A Cursor account with active AI subscription
WorkosCursorSessionTokenfrom Cursor
Quick Start
# 1. Get your WorkosCursorSessionToken (see references/token.md)
# 2. Start the service
docker run -d \
--name cursor-api \
-p 3010:3000 \
-e WORKOS_CURSOR_SESSION_TOKEN=your_token \
waitkafuka/cursor-api:latest
# 3. Configure OpenClaw
export ANTHROPIC_BASE_URL="http://localhost:3010/v1"
export ANTHROPIC_API_KEY="your_token"
export ANTHROPIC_DEFAULT_SONNET_MODEL="claude-sonnet-4-6"
# 4. Restart OpenClaw
openclaw gateway restart
Core Operations
| Operation | Command |
|---|---|
| Install | docker run -d --name cursor-api -p 3010:3000 -e WORKOS_CURSOR_SESSION_TOKEN=token waitkafuka/cursor-api:latest |
| Status | docker ps | grep cursor-api |
| Refresh Token | See references/token.md |
| Uninstall | docker stop cursor-api && docker rm cursor-api |
API Endpoints
| Endpoint | Format | Compatible With |
|---|---|---|
http://localhost:3010/v1/messages |
Anthropic Messages API | OpenClaw, Claude Code |
http://localhost:3010/v1/chat/completions |
OpenAI Chat Completions | CC Switch, Universal |
Documentation
| Document | Description |
|---|---|
| Installation Guide | Docker deployment, verification, troubleshooting |
| Token Management | Obtaining and refreshing WorkosCursorSessionToken |
| Configuration | OpenClaw, Claude Code, CC Switch setup |
| Quick Reference | One-page cheat sheet |
⚠️ Important Notes
- ToS Risk: Using third-party proxies may violate Cursor's Terms of Service
- Token Expiry: Session tokens expire periodically; monitor and refresh as needed
- API Stability: Cursor's internal API may change without notice
安全使用建议
This skill appears to do what it says, but exercise caution. Key points to consider before installing or following its instructions:
- The runtime relies on a third-party Docker image (waitkafuka/cursor-api:latest) with no source or homepage; pulling/running it may execute arbitrary code. Verify the image source or run it in an isolated VM/container environment.
- The instructions require you to extract a session cookie (WorkosCursorSessionToken) from your browser and use it as an API key. That token is highly sensitive: anyone possessing it can access your Cursor account. Avoid storing it in plaintext files or shell rc files; prefer a secure secret store, short-lived tokens, or a dedicated throwaway account if you must test.
- The skill metadata does not declare the env vars it actually uses (WORKOS_CURSOR_SESSION_TOKEN, ANTHROPIC_API_KEY). That mismatch is an incoherence—treat the provided metadata as incomplete.
- Using a session cookie as an API key and proxying Cursor traffic may violate Cursor's Terms of Service; the docs note ToS risk—review Cursor's policies first.
- If you decide to proceed: inspect the Docker image (source repo or image contents), run it on a non-production or isolated host, do not reuse high-privilege credentials, and avoid persisting tokens in plaintext.
If you want stronger assurance, ask the skill author for the image repository/source, a reproducible Dockerfile, or a signed release, and for metadata to be updated to declare the required env vars/credentials.
功能分析
Type: OpenClaw Skill
Name: cursor2api
Version: 1.0.2
The skill bundle facilitates the deployment of a third-party Docker image (waitkafuka/cursor-api:latest) and requires the user to provide a sensitive session cookie (WorkosCursorSessionToken) to proxy Cursor IDE's internal API. It includes instructions for the AI agent to modify shell configuration files (~/.zshrc, ~/.bashrc) and execute Docker commands, which are high-risk operations. While these actions are aligned with the stated purpose of the tool, the reliance on an opaque external image and the handling of session credentials represent a significant security risk without further verification of the container's contents.
能力评估
Purpose & Capability
The declared goal—run a cursor2api proxy so Cursor conversations appear as Anthropic/OpenAI API calls—is consistent with the commands and files. Requiring Docker/Node and a Cursor session token is reasonable for this purpose. However the skill metadata declares no required env vars/credentials while the runtime instructions repeatedly require and use a sensitive WorkosCursorSessionToken and ANTHROPIC_API_KEY, which is an internal inconsistency.
Instruction Scope
The SKILL.md and references instruct users to extract a browser session cookie (WorkosCursorSessionToken) via DevTools and place that token into env vars or plaintext dotfiles (~/.cursor2apirc, ~/.zshrc). They also provide curl examples and an auto-refresh script that restarts a docker container with the token. This guidance involves handling and persisting a highly sensitive session cookie and suggests actions (storing tokens in shell config) that expand scope beyond a minimal proxy setup. The instructions also acknowledge ToS risk but do not provide safer alternatives.
Install Mechanism
There is no packaged install spec, but the skill's core operations rely on pulling and running a third-party Docker image (waitkafuka/cursor-api:latest). Running an unvetted container from Docker Hub can execute arbitrary code on the host. No provenance, homepage, or source repo is provided to validate that image. The included refresh script simply restarts that container (benign), but the primary runtime behavior depends on the remote image's trustworthiness.
Credentials
The metadata lists no required environment variables or primary credential, yet the documentation and commands require WORKOS_CURSOR_SESSION_TOKEN and set ANTHROPIC_API_KEY (the session token). Asking users to copy a session cookie and store it in env files or use it as an API key is high-sensitivity. The skill does not request unrelated credentials, but its handling and recommended storage of this secret (plaintext rc files, scripts) is disproportionate and risky. The instructions also recommend using the token as an API key across services and host machines (local/remote), increasing exposure.
Persistence & Privilege
The skill is instruction-only and not forced always-on. It does, however, instruct users to modify shell rc files (~/.zshrc) and create a dotfile (~/.cursor2apirc) and a script (~~/scripts/cursor-token-refresh.sh) for convenience—these are user-facing persistence recommendations (not automated by the skill). This elevates the operational footprint on the user's machine but does not request platform-level privileges or change other skills' configs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install cursor2api - 安装完成后,直接呼叫该 Skill 的名称或使用
/cursor2api触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Remove non-English content from ClawHub version (keep EN only)
v1.0.1
Add bilingual README.md for GitHub
v1.0.0
Initial release with bilingual EN/CN documentation
元数据
常见问题
Cursor2api Skill Clawhub 是什么?
Manage and deploy cursor2api to convert Cursor IDE AI conversations into Anthropic/OpenAI API formats, including token refresh and uninstallation. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 133 次。
如何安装 Cursor2api Skill Clawhub?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install cursor2api」即可一键安装,无需额外配置。
Cursor2api Skill Clawhub 是免费的吗?
是的,Cursor2api Skill Clawhub 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Cursor2api Skill Clawhub 支持哪些平台?
Cursor2api Skill Clawhub 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Cursor2api Skill Clawhub?
由 Jialin(@0xcjl)开发并维护,当前版本 v1.0.2。
推荐 Skills