中文 EN

Scan Report

Scan New Files

Suspicious — Risk Score 42/100
Last scan:2 days ago Rescan
42 /100
openclaw-cursor-agent
Manage long-running Cursor CLI coding tasks through OpenClaw tools backed by tmux sessions
Skill executes shell commands and writes files for legitimate Cursor CLI task management, but contains dangerous curl|bash installation patterns in documentation that pose supply chain risk if copied.
Skill Nameopenclaw-cursor-agent
Duration67.6s
Enginepi
Use with caution
Document that curl|bash commands should only be used during initial setup, not automated. Consider pinning external URLs to specific versions and adding a security warning about remote script execution.

Findings 4 items

Severity Finding Location
High
Dangerous curl|bash pattern in documentation
LOCAL_SETUP_GUIDE.md contains 'curl -fsSL https://tailscale.com/install.sh | sh' at line 200. While in documentation, this pattern is a known supply chain attack vector if users copy and execute it.
curl -fsSL https://tailscale.com/install.sh | sh
→ Replace with step-by-step instructions or pinned versioned downloads. Add security warning.
 docs/LOCAL_SETUP_GUIDE.md:200
High
Remote script execution in archive documentation
WSL最终落地方案.md contains 'curl https://cursor.com/install -fsS | bash' at line 79. This archives dangerous patterns without context.
curl https://cursor.com/install -fsS | bash
→ Remove from archive or add explicit security warnings and version pinning.
 docs/archive/WSL最终落地方案.md:79
Medium
Hardcoded external IP address
LOCAL_SETUP_GUIDE.md references external IP 43.162.108.47 for Feishu webhook configuration. This creates a dependency on external infrastructure.
http://43.162.108.47:18789/webhook/feishu
→ Use environment variables or placeholder documentation instead of hardcoded IPs.
 docs/LOCAL_SETUP_GUIDE.md:339
Low
Shell execution not explicitly enumerated
SKILL.md registers tools that execute shell scripts but does not explicitly declare shell:WRITE in allowed-tools or enumerate the specific scripts being run.
OpenClaw Cursor Agent tools implicitly require shell:WRITE
→ Add explicit allowed-tools declaration to SKILL.md.
 SKILL.md:1
ResourceDeclaredInferredStatusEvidence
Shell WRITE WRITE ✓ Aligned index.js:271 - spawn() executes shell scripts for task management
Filesystem WRITE WRITE ✓ Aligned spawn-cursor.sh:119 - cat > creates task/status/runner files in local directorie…
Network NONE NONE No curl/wget/network calls in executable scripts
2 Critical 1 High 13 findings
💀
Critical Dangerous Command 危险 Shell 命令
curl -fsSL https://tailscale.com/install.sh | sh
docs/LOCAL_SETUP_GUIDE.md:200
💀
Critical Dangerous Command 危险 Shell 命令
curl https://cursor.com/install -fsS | bash
docs/archive/WSL最终落地方案.md:79
📡
High IP Address 硬编码 IP 地址
43.162.108.47
docs/LOCAL_SETUP_GUIDE.md:339
🔗
Medium External URL 外部 URL
https://deb.nodesource.com/setup_22.x
docs/LOCAL_SETUP_GUIDE.md:65
🔗
Medium External URL 外部 URL
https://tailscale.com/install.sh
docs/LOCAL_SETUP_GUIDE.md:200
🔗
Medium External URL 外部 URL
http://100.x.x.x:18789
docs/LOCAL_SETUP_GUIDE.md:239
🔗
Medium External URL 外部 URL
http://你的公网IP:18789
docs/LOCAL_SETUP_GUIDE.md:280
🔗
Medium External URL 外部 URL
https://open.feishu.cn/app/
docs/LOCAL_SETUP_GUIDE.md:326
🔗
Medium External URL 外部 URL
http://43.162.108.47:18789/webhook/feishu
docs/LOCAL_SETUP_GUIDE.md:339
🔗
Medium External URL 外部 URL
http://你的IP:18789/webhook/feishu
docs/LOCAL_SETUP_GUIDE.md:340
🔗
Medium External URL 外部 URL
http://100.x.x.x:18789/webhook/feishu
docs/LOCAL_SETUP_GUIDE.md:343
🔗
Medium External URL 外部 URL
http://你的IP:18789/status
docs/LOCAL_SETUP_GUIDE.md:361
🔗
Medium External URL 外部 URL
https://cursor.com/install
docs/archive/WSL最终落地方案.md:79

File Tree

26 files · 103.3 KB · 3821 lines
Markdown 14f · 1649L Shell 6f · 1323L JavaScript 1f · 721L JSON 3f · 98L Ignore 1f · 28L Other 1f · 2L
├─ 📁 .cursor
│ └─ 📁 skills
│ └─ 📁 openclaw-cursor-agent-system
│ ├─ 📁 references
│ │ ├─ 📝 setup.md Markdown 69L · 2.6 KB
│ │ └─ 📝 task-prompt.md Markdown 5L · 334 B
│ └─ 📝 SKILL.md Markdown 41L · 1.5 KB
├─ 📁 cursor-agent-system
│ ├─ 📁 scripts
│ │ ├─ 🔧 attach-session.sh Shell 57L · 1.6 KB
│ │ ├─ 🔧 check-status.sh Shell 322L · 9.7 KB
│ │ ├─ 🔧 common.sh Shell 285L · 6.1 KB
│ │ ├─ 🔧 kill-session.sh Shell 171L · 4.0 KB
│ │ ├─ 🔧 send-command.sh Shell 145L · 3.5 KB
│ │ └─ 🔧 spawn-cursor.sh Shell 343L · 9.5 KB
│ ├─ 📁 templates
│ │ └─ 📝 cursor-task-prompt.md Markdown 69L · 1.5 KB
│ └─ 📝 README.md Markdown 127L · 3.4 KB
├─ 📁 docs
│ ├─ 📁 archive
│ │ ├─ 📝 WSL最终落地方案.md Markdown 234L · 5.5 KB
│ │ └─ 📝 最终测试报告.md Markdown 199L · 5.6 KB
│ ├─ 📝 LOCAL_SETUP_GUIDE.md Markdown 576L · 9.7 KB
│ └─ 📝 usage-guide.md Markdown 64L · 1.8 KB
├─ 📁 extensions
│ └─ 📁 openclaw-cursor-agent
│ ├─ 📁 examples
│ │ └─ 📋 openclaw.json.windows.example.json JSON 26L · 666 B
│ ├─ 📁 skill
│ │ ├─ 📁 references
│ │ │ └─ 📝 commands.md Markdown 19L · 666 B
│ │ └─ 📝 SKILL.md Markdown 35L · 1.5 KB
│ ├─ 📜 index.js JavaScript 721L · 24.7 KB
│ ├─ 📋 openclaw.plugin.json JSON 57L · 1.5 KB
│ ├─ 📋 package.json JSON 15L · 303 B
│ └─ 📝 README.md Markdown 62L · 1.6 KB
├─ 📄 .gitattributes 2L · 34 B
├─ 📄 .gitignore Ignore 28L · 511 B
├─ 📝 README.md Markdown 92L · 3.3 KB
└─ 📝 SKILL.md Markdown 57L · 2.3 KB

Dependencies 3 items

PackageVersionSourceKnown VulnsNotes
node 22.x external No Referenced in docs - not pinned
tmux 3.3+ external No Required dependency, not a supply chain risk
python3 * system No Standard library only

Security Positives

✓ No credential harvesting - scripts do not access ~/.ssh, ~/.aws, .env, or similar sensitive paths
✓ No data exfiltration - no network calls from executable scripts to external servers
✓ No base64/eval obfuscation patterns in code
✓ Task files, status files, and logs are stored locally in designated directories
✓ Shell execution is limited to tmux session management and Cursor CLI task execution
✓ Python scripts use safe json/file operations without dangerous patterns