openclaw-cursor-agent 安全扫描报告 — 可疑 | ClawSafe

42 /100

openclaw-cursor-agent

Manage long-running Cursor CLI coding tasks through OpenClaw tools backed by tmux sessions

Skill executes shell commands and writes files for legitimate Cursor CLI task management, but contains dangerous curl|bash installation patterns in documentation that pose supply chain risk if copied.

技能名称openclaw-cursor-agent

分析耗时67.6s

引擎pi

⚠

谨慎使用

Document that curl|bash commands should only be used during initial setup, not automated. Consider pinning external URLs to specific versions and adding a security warning about remote script execution.

安全发现 4 项

严重性	安全发现	位置
高危	Dangerous curl\|bash pattern in documentation LOCAL_SETUP_GUIDE.md contains 'curl -fsSL https://tailscale.com/install.sh \| sh' at line 200. While in documentation, this pattern is a known supply chain attack vector if users copy and execute it. `curl -fsSL https://tailscale.com/install.sh \| sh` → Replace with step-by-step instructions or pinned versioned downloads. Add security warning.	`docs/LOCAL_SETUP_GUIDE.md:200`
高危	Remote script execution in archive documentation WSL最终落地方案.md contains 'curl https://cursor.com/install -fsS \| bash' at line 79. This archives dangerous patterns without context. `curl https://cursor.com/install -fsS \| bash` → Remove from archive or add explicit security warnings and version pinning.	`docs/archive/WSL最终落地方案.md:79`
中危	Hardcoded external IP address LOCAL_SETUP_GUIDE.md references external IP 43.162.108.47 for Feishu webhook configuration. This creates a dependency on external infrastructure. `http://43.162.108.47:18789/webhook/feishu` → Use environment variables or placeholder documentation instead of hardcoded IPs.	`docs/LOCAL_SETUP_GUIDE.md:339`
低危	Shell execution not explicitly enumerated SKILL.md registers tools that execute shell scripts but does not explicitly declare shell:WRITE in allowed-tools or enumerate the specific scripts being run. `OpenClaw Cursor Agent tools implicitly require shell:WRITE` → Add explicit allowed-tools declaration to SKILL.md.	`SKILL.md:1`

资源类型	声明权限	推断权限	状态	证据
命令执行	`WRITE`	`WRITE`	✓ 一致	index.js:271 - spawn() executes shell scripts for task management
文件系统	`WRITE`	`WRITE`	✓ 一致	spawn-cursor.sh:119 - cat > creates task/status/runner files in local directorie…
网络访问	`NONE`	`NONE`	—	No curl/wget/network calls in executable scripts

2 严重 1 高危 13 项发现

💀

严重危险命令危险 Shell 命令

curl -fsSL https://tailscale.com/install.sh | sh

docs/LOCAL_SETUP_GUIDE.md:200

💀

严重危险命令危险 Shell 命令

curl https://cursor.com/install -fsS | bash

docs/archive/WSL最终落地方案.md:79

📡

高危 IP 地址硬编码 IP 地址

43.162.108.47

docs/LOCAL_SETUP_GUIDE.md:339

🔗

中危外部 URL 外部 URL

https://deb.nodesource.com/setup_22.x

docs/LOCAL_SETUP_GUIDE.md:65

🔗

中危外部 URL 外部 URL

https://tailscale.com/install.sh

docs/LOCAL_SETUP_GUIDE.md:200

🔗

中危外部 URL 外部 URL

http://100.x.x.x:18789

docs/LOCAL_SETUP_GUIDE.md:239

🔗

中危外部 URL 外部 URL

http://你的公网IP:18789

docs/LOCAL_SETUP_GUIDE.md:280

🔗

中危外部 URL 外部 URL

https://open.feishu.cn/app/

docs/LOCAL_SETUP_GUIDE.md:326

🔗

中危外部 URL 外部 URL

http://43.162.108.47:18789/webhook/feishu

docs/LOCAL_SETUP_GUIDE.md:339

🔗

中危外部 URL 外部 URL

http://你的IP:18789/webhook/feishu

docs/LOCAL_SETUP_GUIDE.md:340

🔗

中危外部 URL 外部 URL

http://100.x.x.x:18789/webhook/feishu

docs/LOCAL_SETUP_GUIDE.md:343

🔗

中危外部 URL 外部 URL

http://你的IP:18789/status

docs/LOCAL_SETUP_GUIDE.md:361

🔗

中危外部 URL 外部 URL

https://cursor.com/install

docs/archive/WSL最终落地方案.md:79

目录结构

26 文件 · 103.3 KB · 3821 行

Markdown 14f · 1649L Shell 6f · 1323L JavaScript 1f · 721L JSON 3f · 98L Ignore 1f · 28L Other 1f · 2L

├─ ▾ 📁 .cursor

│ └─ ▾ 📁 skills

│ └─ ▾ 📁 openclaw-cursor-agent-system

│ ├─ ▾ 📁 references

│ │ ├─ 📝 setup.md Markdown 69L · 2.6 KB

│ │ └─ 📝 task-prompt.md Markdown 5L · 334 B

│ └─ 📝 SKILL.md Markdown 41L · 1.5 KB

├─ ▾ 📁 cursor-agent-system

│ ├─ ▾ 📁 scripts

│ │ ├─ 🔧 attach-session.sh Shell 57L · 1.6 KB

│ │ ├─ 🔧 check-status.sh Shell 322L · 9.7 KB

│ │ ├─ 🔧 common.sh Shell 285L · 6.1 KB

│ │ ├─ 🔧 kill-session.sh Shell 171L · 4.0 KB

│ │ ├─ 🔧 send-command.sh Shell 145L · 3.5 KB

│ │ └─ 🔧 spawn-cursor.sh Shell 343L · 9.5 KB

│ ├─ ▾ 📁 templates

│ │ └─ 📝 cursor-task-prompt.md Markdown 69L · 1.5 KB

│ └─ 📝 README.md Markdown 127L · 3.4 KB

├─ ▾ 📁 docs

│ ├─ ▾ 📁 archive

│ │ ├─ 📝 WSL最终落地方案.md Markdown 234L · 5.5 KB

│ │ └─ 📝 最终测试报告.md Markdown 199L · 5.6 KB

│ ├─ 📝 LOCAL_SETUP_GUIDE.md Markdown 576L · 9.7 KB

│ └─ 📝 usage-guide.md Markdown 64L · 1.8 KB

├─ ▾ 📁 extensions

│ └─ ▾ 📁 openclaw-cursor-agent

│ ├─ ▾ 📁 examples

│ │ └─ 📋 openclaw.json.windows.example.json JSON 26L · 666 B

│ ├─ ▾ 📁 skill

│ │ ├─ ▾ 📁 references

│ │ │ └─ 📝 commands.md Markdown 19L · 666 B

│ │ └─ 📝 SKILL.md Markdown 35L · 1.5 KB

│ ├─ 📜 index.js JavaScript 721L · 24.7 KB

│ ├─ 📋 openclaw.plugin.json JSON 57L · 1.5 KB

│ ├─ 📋 package.json JSON 15L · 303 B

│ └─ 📝 README.md Markdown 62L · 1.6 KB

├─ 📄 .gitattributes 2L · 34 B

├─ 📄 .gitignore Ignore 28L · 511 B

├─ 📝 README.md Markdown 92L · 3.3 KB

└─ 📝 SKILL.md Markdown 57L · 2.3 KB

依赖分析 3 项

包名	版本	来源	已知漏洞	备注
`node`	`22.x`	external	否	Referenced in docs - not pinned
`tmux`	`3.3+`	external	否	Required dependency, not a supply chain risk
`python3`	`*`	system	否	Standard library only

安全亮点

✓ No credential harvesting - scripts do not access ~/.ssh, ~/.aws, .env, or similar sensitive paths

✓ No data exfiltration - no network calls from executable scripts to external servers

✓ No base64/eval obfuscation patterns in code

✓ Task files, status files, and logs are stored locally in designated directories

✓ Shell execution is limited to tmux session management and Cursor CLI task execution

✓ Python scripts use safe json/file operations without dangerous patterns