Use Cursor
Author: brucezhu888 · GitHub · v1.0.11 · MIT-0
Total downloads: 124
Favorites: 0
Current installs: 0
Versions: 12
Install in OpenClaw
/install use-cursor
Description
Manage Cursor CLI tasks via tmux with security hardening
Security usage recommendations
This skill appears to do exactly what it claims: run Cursor CLI inside tmux sessions and return output. Before installing or using it, consider:
1) Run it first in isolated mode (spawn-isolated or inside a container) to avoid leaking environment variables or workspace secrets.
2) Review the included scripts (scripts/*.sh) yourself — the skill intentionally executes shell commands and uses tmux send-keys, which can execute input if a shell is active in the pane.
3) Don't run untrusted task strings on production machines with high-value secrets; use the provided isolation/container guidance.
4) Understand that redaction is pattern-based and may not catch every secret — if you have unusual credential formats, test outputs in a safe environment.
If you need to be extra cautious, require manual approval before the skill invokes tools or runs tasks.
Functional analysis
Type: OpenClaw Skill
Name: use-cursor
Version: 1.0.11
The skill provides tools to manage the Cursor CLI via tmux, which involves high-risk behaviors like shell execution (child_process.exec) and sending keys to terminal sessions. While the author has implemented significant security hardening—including a custom shell escaping function that strips control characters (index.js), the use of tmux literal mode (-l flag) in all scripts (spawn.sh, send.sh), and automated redaction of emails and API keys—the inherent risk of shell injection and the ability to capture workspace data from tmux panes requires a cautious classification for manual review.
Capability assessment
Purpose & Capability
Name/description (manage Cursor CLI via tmux) match the code and scripts included: scripts call tmux and agent/cursor-agent, manifest/package.json list tmux and CURSOR_API_KEY, and SKILL.md documents the same. There are no unrelated cloud credentials, exotic binaries, or surprising permissions requested.
Instruction Scope
Instructions and SKILL.md stay within the stated purpose: they read ~/.cursor/cli-config.json for auth checks, capture tmux pane output to return task results, and call local scripts to run Cursor CLI inside tmux. The skill explicitly documents the primary risk (sending text to a shell via tmux send-keys). Mitigations are present (newline/control-char sanitization, tmux -l literal mode, isolated mode using env -i, output redaction), but residual risks remain: captured pane output may contain secrets and redaction is pattern-based (may miss unusual tokens), and exec inherits the Node process environment unless isolated mode is used.
Install Mechanism
No install spec is provided for downloading arbitrary code; the skill ships scripts and JS in the package (no automatic remote-download at install). SKILL.md suggests user-run installers for Cursor CLI (curl https://cursor.com/install) with explicit advice to review them first — acceptable but user-facing external installer steps are required for Cursor CLI itself, not for the skill.
Credentials
Declared env usage is proportional: CURSOR_API_KEY is optional and used for authentication. The manifest documents only CURSOR_API_KEY and CURSOR_NO_ANALYTICS. However, execScript passes the current process.env to child processes by default (except in spawn-isolated.sh which uses env -i) — so running in standard mode can expose any environment variables present in the agent runtime to the Cursor CLI subprocess. The skill documents this and provides isolated/container modes to reduce exposure.
Persistence & Privilege
The skill is user-invocable (always: false) and does not request permanent/autonomous inclusion. Declared filesystem access is limited to reading ~/.cursor/cli-config.json (intentional and documented). It does not modify other skills or system-wide agent settings.
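How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install use-cursor
- Once installation completes, call the Skill by name or use /use-cursor to trigger it
- Provide the required input according to the Skill's parameter description to get structured output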
Version history
v1.0.11
No user-facing changes in functionality or documentation; only metadata changed (version and YAML headers).
- Updated SKILL.md with structured YAML frontmatter for name, version, description, and requirements.
- No changes to code, features, documentation, or usage instructions.
- No impact to users or workflows.
v1.0.10
No file changes detected for version 1.0.10.
- No updates or modifications since the previous version.
- All documentation, features, and behavior remain unchanged.
v1.0.9
No changes detected in this version.
- No file or documentation changes in version 1.0.9.
- Functionality and interface remain unchanged.
v1.0.8
No file changes detected in this release.
- Documentation was re-saved with no substantive updates.
- No new features, fixes, or security changes included.
- Behavior and interfaces remain unchanged.
v1.0.7
No user-facing changes in this version.
- Version bump to 1.0.7 with no modifications to source or documentation.
v1.0.6
No changes were detected in this version.
- No file modifications were made.
- Documentation and functionality remain unchanged from the previous release.
v1.0.5
- No file changes detected in this version.
- Documentation and user instructions remain unchanged.
- No new features, fixes, or updates in this release.
v1.0.4
- Removed sample test file `audit-test.js` from the repository.
- Updated security documentation in SKILL.md to clarify shell argument escaping now uses single-quote method and tmux send-keys literal mode for improved protection.
- Added a note in SKILL.md about isolated execution mode using a minimal environment for extra security.
- No user-facing functionality changes.
v1.0.3
- Added .clawignore file to specify files to exclude from packaging or deployment.
- Added audit-test.js to provide audit or test coverage for the skill.
v1.0.2
## use-cursor v1.0.2 Changelog
- Added `manifest.json` for clearer skill metadata and permissions declaration.
- Introduced `scripts/spawn-isolated.sh` providing a more isolated task execution mode for improved security.
- Security section in documentation expanded with detailed risk analysis and best practices for tmux pane safety.
- New tool: `use_cursor_spawn_isolated` enables safe background task runs with a minimal environment.
- Clarified environments and use cases for both standard and isolated execution modes in docs.
v1.0.1
**Added security and documentation files for improved transparency and user guidance.**
- Added a detailed SECURITY.md outlining data access, privacy, and protection practices.
- Introduced a comprehensive README.md explaining installation, usage, and troubleshooting.
- Updated SKILL.md to include security notes and FAQs for greater user clarity.
- No changes to core skill logic or functionality.
v1.0.0
Initial release: Use Cursor skill integrates OpenClaw with Cursor CLI for advanced software engineering automation.
- Enables OpenClaw to control Cursor CLI for interactive, background, and CI/CD tasks using dedicated tools.
- Provides robust background task management with tmux, supporting start, check, send instructions, kill, and list operations.
- Includes installation guides, troubleshooting steps, and best practices for efficient task execution.
- Offers detailed command references, workflows for code review/refactoring, and integration advice.
- Documentation covers resource management, usage scenarios, and environment diagnostics.
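FAQ
What is Use Cursor?
Manage Cursor CLI tasks via tmux with security hardening. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 124 cumulative downloads to date.
How do I install Use Cursor?
Run the command "/install use-cursor" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is required.
Is Use Cursor free?
Yes, Use Cursor is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does Use Cursor support?
Use Cursor runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Use Cursor?
It is developed and maintained by brucezhu888 (@brucezhu888); the current version is v1.0.11.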