← Back to Skills Marketplace
0xcjl

Cursor2api Skill Clawhub

by Jialin · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
133
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install cursor2api
Description
Manage and deploy cursor2api to convert Cursor IDE AI conversations into Anthropic/OpenAI API formats, including token refresh and uninstallation.
README (SKILL.md)

cursor2api

cursor2api bridges Cursor IDE's AI models with OpenClaw/Claude Code by converting Cursor's internal API into standard Anthropic/OpenAI formats.

Architecture:

OpenClaw / Claude Code
         ↓ (ANTHROPIC_BASE_URL)
cursor2api Docker/Node (:3010)
         ↓ (Session Token)
Cursor Official API

Prerequisites

  • Docker (for containerized deployment) or Node.js 18+ (for local)
  • A Cursor account with active AI subscription
  • WorkosCursorSessionToken from Cursor

Quick Start

# 1. Get your WorkosCursorSessionToken (see references/token.md)

# 2. Start the service
docker run -d \
  --name cursor-api \
  -p 3010:3000 \
  -e WORKOS_CURSOR_SESSION_TOKEN=your_token \
  waitkafuka/cursor-api:latest

# 3. Configure OpenClaw
export ANTHROPIC_BASE_URL="http://localhost:3010/v1"
export ANTHROPIC_API_KEY="your_token"
export ANTHROPIC_DEFAULT_SONNET_MODEL="claude-sonnet-4-6"

# 4. Restart OpenClaw
openclaw gateway restart

Core Operations

Operation Command
Install docker run -d --name cursor-api -p 3010:3000 -e WORKOS_CURSOR_SESSION_TOKEN=token waitkafuka/cursor-api:latest
Status docker ps | grep cursor-api
Refresh Token See references/token.md
Uninstall docker stop cursor-api && docker rm cursor-api

API Endpoints

Endpoint Format Compatible With
http://localhost:3010/v1/messages Anthropic Messages API OpenClaw, Claude Code
http://localhost:3010/v1/chat/completions OpenAI Chat Completions CC Switch, Universal

Documentation

Document Description
Installation Guide Docker deployment, verification, troubleshooting
Token Management Obtaining and refreshing WorkosCursorSessionToken
Configuration OpenClaw, Claude Code, CC Switch setup
Quick Reference One-page cheat sheet

⚠️ Important Notes

  • ToS Risk: Using third-party proxies may violate Cursor's Terms of Service
  • Token Expiry: Session tokens expire periodically; monitor and refresh as needed
  • API Stability: Cursor's internal API may change without notice
Usage Guidance
This skill appears to do what it says, but exercise caution. Key points to consider before installing or following its instructions: - The runtime relies on a third-party Docker image (waitkafuka/cursor-api:latest) with no source or homepage; pulling/running it may execute arbitrary code. Verify the image source or run it in an isolated VM/container environment. - The instructions require you to extract a session cookie (WorkosCursorSessionToken) from your browser and use it as an API key. That token is highly sensitive: anyone possessing it can access your Cursor account. Avoid storing it in plaintext files or shell rc files; prefer a secure secret store, short-lived tokens, or a dedicated throwaway account if you must test. - The skill metadata does not declare the env vars it actually uses (WORKOS_CURSOR_SESSION_TOKEN, ANTHROPIC_API_KEY). That mismatch is an incoherence—treat the provided metadata as incomplete. - Using a session cookie as an API key and proxying Cursor traffic may violate Cursor's Terms of Service; the docs note ToS risk—review Cursor's policies first. - If you decide to proceed: inspect the Docker image (source repo or image contents), run it on a non-production or isolated host, do not reuse high-privilege credentials, and avoid persisting tokens in plaintext. If you want stronger assurance, ask the skill author for the image repository/source, a reproducible Dockerfile, or a signed release, and for metadata to be updated to declare the required env vars/credentials.
Capability Analysis
Type: OpenClaw Skill Name: cursor2api Version: 1.0.2 The skill bundle facilitates the deployment of a third-party Docker image (waitkafuka/cursor-api:latest) and requires the user to provide a sensitive session cookie (WorkosCursorSessionToken) to proxy Cursor IDE's internal API. It includes instructions for the AI agent to modify shell configuration files (~/.zshrc, ~/.bashrc) and execute Docker commands, which are high-risk operations. While these actions are aligned with the stated purpose of the tool, the reliance on an opaque external image and the handling of session credentials represent a significant security risk without further verification of the container's contents.
Capability Assessment
Purpose & Capability
The declared goal—run a cursor2api proxy so Cursor conversations appear as Anthropic/OpenAI API calls—is consistent with the commands and files. Requiring Docker/Node and a Cursor session token is reasonable for this purpose. However the skill metadata declares no required env vars/credentials while the runtime instructions repeatedly require and use a sensitive WorkosCursorSessionToken and ANTHROPIC_API_KEY, which is an internal inconsistency.
Instruction Scope
The SKILL.md and references instruct users to extract a browser session cookie (WorkosCursorSessionToken) via DevTools and place that token into env vars or plaintext dotfiles (~/.cursor2apirc, ~/.zshrc). They also provide curl examples and an auto-refresh script that restarts a docker container with the token. This guidance involves handling and persisting a highly sensitive session cookie and suggests actions (storing tokens in shell config) that expand scope beyond a minimal proxy setup. The instructions also acknowledge ToS risk but do not provide safer alternatives.
Install Mechanism
There is no packaged install spec, but the skill's core operations rely on pulling and running a third-party Docker image (waitkafuka/cursor-api:latest). Running an unvetted container from Docker Hub can execute arbitrary code on the host. No provenance, homepage, or source repo is provided to validate that image. The included refresh script simply restarts that container (benign), but the primary runtime behavior depends on the remote image's trustworthiness.
Credentials
The metadata lists no required environment variables or primary credential, yet the documentation and commands require WORKOS_CURSOR_SESSION_TOKEN and set ANTHROPIC_API_KEY (the session token). Asking users to copy a session cookie and store it in env files or use it as an API key is high-sensitivity. The skill does not request unrelated credentials, but its handling and recommended storage of this secret (plaintext rc files, scripts) is disproportionate and risky. The instructions also recommend using the token as an API key across services and host machines (local/remote), increasing exposure.
Persistence & Privilege
The skill is instruction-only and not forced always-on. It does, however, instruct users to modify shell rc files (~/.zshrc) and create a dotfile (~/.cursor2apirc) and a script (~~/scripts/cursor-token-refresh.sh) for convenience—these are user-facing persistence recommendations (not automated by the skill). This elevates the operational footprint on the user's machine but does not request platform-level privileges or change other skills' configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cursor2api
  3. After installation, invoke the skill by name or use /cursor2api
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Remove non-English content from ClawHub version (keep EN only)
v1.0.1
Add bilingual README.md for GitHub
v1.0.0
Initial release with bilingual EN/CN documentation
Metadata
Slug cursor2api
Version 1.0.2
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Cursor2api Skill Clawhub?

Manage and deploy cursor2api to convert Cursor IDE AI conversations into Anthropic/OpenAI API formats, including token refresh and uninstallation. It is an AI Agent Skill for Claude Code / OpenClaw, with 133 downloads so far.

How do I install Cursor2api Skill Clawhub?

Run "/install cursor2api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cursor2api Skill Clawhub free?

Yes, Cursor2api Skill Clawhub is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Cursor2api Skill Clawhub support?

Cursor2api Skill Clawhub is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Cursor2api Skill Clawhub?

It is built and maintained by Jialin (@0xcjl); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments