Skill Trust Decision

openclaw-cursor-agent

Skill executes shell commands and writes files for legitimate Cursor CLI task management, but contains dangerous curl|bash installation patterns in documentation that pose supply chain risk if copied.

Install decision first
Source: Manual upload
Scanned: Apr 3, 2026
Files 26
Artifacts 13
Violations 0
Findings 4

Most direct threat evidence

High

Dangerous curl|bash pattern in documentation

LOCAL_SETUP_GUIDE.md contains 'curl -fsSL https://tailscale.com/install.sh | sh' at line 200. While in documentation, this pattern is a known supply chain attack vector if users copy and execute it.

docs/LOCAL_SETUP_GUIDE.md:200

Why this conclusion was reached

2/4 dimensions flagged

Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Block
Hidden execution and egress

3 high-risk artifacts or egress signals were extracted.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 2 severe findings.

Review
Dependencies and supply chain hygiene

2 dependency or supply-chain issues need attention.

What drove the risk score up

curl|bash in documentation +25

docs/LOCAL_SETUP_GUIDE.md:200 contains 'curl -fsSL https://tailscale.com/install.sh | sh' - dangerous remote script execution pattern

curl|bash in archive docs +15

docs/archive/WSL最终落地方案.md:79 contains 'curl https://cursor.com/install -fsS | bash'

Hardcoded IP address +5

docs/LOCAL_SETUP_GUIDE.md:339 references external IP 43.162.108.47 for webhook integration

Shell execution not explicitly declared in SKILL.md +5

SKILL.md tools implicitly require shell:WRITE but don't enumerate allowed-tools

Most important evidence

High

Dangerous curl|bash pattern in documentation

LOCAL_SETUP_GUIDE.md contains 'curl -fsSL https://tailscale.com/install.sh | sh' at line 200. While in documentation, this pattern is a known supply chain attack vector if users copy and execute it.

docs/LOCAL_SETUP_GUIDE.md:200
Replace with step-by-step instructions or pinned versioned downloads. Add security warning.

High

Remote script execution in archive documentation

WSL最终落地方案.md contains 'curl https://cursor.com/install -fsS | bash' at line 79. This archives dangerous patterns without context.

docs/archive/WSL最终落地方案.md:79
Remove from archive or add explicit security warnings and version pinning.

Medium

Hardcoded external IP address

LOCAL_SETUP_GUIDE.md references external IP 43.162.108.47 for Feishu webhook configuration. This creates a dependency on external infrastructure.

docs/LOCAL_SETUP_GUIDE.md:339
Use environment variables or placeholder documentation instead of hardcoded IPs.

Low

Shell execution not explicitly enumerated

SKILL.md registers tools that execute shell scripts but does not explicitly declare shell:WRITE in allowed-tools or enumerate the specific scripts being run.

SKILL.md:1
Add explicit allowed-tools declaration to SKILL.md.

Declared capability vs actual capability

Capability | Result | Declared | Inferred | Evidence
Shell | Pass | WRITE | WRITE | index.js:271 - spawn() executes shell scripts for task management
Filesystem | Pass | WRITE | WRITE | spawn-cursor.sh:119 - cat > creates task/status/runner files in local directories
Network | Pass | NONE | NONE | No curl/wget/network calls in executable scripts

Suspicious artifacts and egress

Critical Dangerous Command
curl -fsSL https://tailscale.com/install.sh | sh

docs/LOCAL_SETUP_GUIDE.md:200

Critical Dangerous Command
curl https://cursor.com/install -fsS | bash

docs/archive/WSL最终落地方案.md:79

High IP Address
43.162.108.47

docs/LOCAL_SETUP_GUIDE.md:339

Medium External URL
https://deb.nodesource.com/setup_22.x

docs/LOCAL_SETUP_GUIDE.md:65

Medium External URL
https://tailscale.com/install.sh

docs/LOCAL_SETUP_GUIDE.md:200

Medium External URL
http://100.x.x.x:18789

docs/LOCAL_SETUP_GUIDE.md:239

Medium External URL
http://你的公网IP:18789

docs/LOCAL_SETUP_GUIDE.md:280

Medium External URL
https://open.feishu.cn/app/

docs/LOCAL_SETUP_GUIDE.md:326

Medium External URL
http://43.162.108.47:18789/webhook/feishu

docs/LOCAL_SETUP_GUIDE.md:339

Medium External URL
http://你的IP:18789/webhook/feishu

docs/LOCAL_SETUP_GUIDE.md:340

Medium External URL
http://100.x.x.x:18789/webhook/feishu

docs/LOCAL_SETUP_GUIDE.md:343

Medium External URL
http://你的IP:18789/status

docs/LOCAL_SETUP_GUIDE.md:361

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
node | 22.x | external | No | Referenced in docs - not pinned
tmux | 3.3+ | external | No | Required dependency, not a supply chain risk
python3 | * | system | No | Standard library only

File composition

26 files · 3821 lines
Markdown 14 files · 1649 lines
Shell 6 files · 1323 lines
JavaScript 1 file · 721 lines
JSON 3 files · 98 lines
Ignore 1 file · 28 lines
Other 1 file · 2 lines
Files of concern · 2
docs/LOCAL_SETUP_GUIDE.md Markdown · 576 lines
Dangerous curl|bash pattern in documentation · Hardcoded external IP address · curl -fsSL https://tailscale.com/install.sh | sh · 43.162.108.47 · https://deb.nodesource.com/setup_22.x · https://tailscale.com/install.sh · http://100.x.x.x:18789 · http://你的公网IP:18789 · https://open.feishu.cn/app/ · http://43.162.108.47:18789/webhook/feishu · http://你的IP:18789/webhook/feishu · http://100.x.x.x:18789/webhook/feishu · http://你的IP:18789/status
docs/archive/WSL最终落地方案.md Markdown · 234 lines
Remote script execution in archive documentation · curl https://cursor.com/install -fsS | bash · https://cursor.com/install
Other files · index.js · check-status.sh · spawn-cursor.sh · common.sh · 最终测试报告.md · kill-session.sh +4

Security positives

No credential harvesting - scripts do not access ~/.ssh, ~/.aws, .env, or similar sensitive paths
No data exfiltration - no network calls from executable scripts to external servers
No base64/eval obfuscation patterns in code
Task files, status files, and logs are stored locally in designated directories
Shell execution is limited to tmux session management and Cursor CLI task execution
Python scripts use safe json/file operations without dangerous patterns