Use Cursor - OpenClaw + Cursor CLI Integration
Enable OpenClaw to execute Cursor CLI for various software engineering tasks, supporting interactive mode, background tasks, CI/CD, and more.
🔒 Security Notes
Before installing, understand these security implications:
What This Skill Does
- - ✅ Manages Cursor CLI tasks via tmux (stated purpose)
- ✅ Reads
~/.cursor/cli-config.json to check auth status (email redacted in output) - ✅ Captures tmux pane output (may contain workspace code/data)
- ✅ All shell arguments are escaped to prevent injection
- ✅ Does not download remote code at install time
Privacy Considerations
| Data Access | Purpose | Protection |
|---|
| INLINECODE1 | Check auth status | Email redacted (shows ***@domain.com) |
| INLINECODE3 |
Check auth status | Not read, only existence checked |
|
$CURSOR_API_KEY | Optional auth | Not logged or stored |
|
$PATH,
$HOME, etc. | Inherited by child processes | Not modified or logged |
| tmux output | Return task results | May contain workspace data |
⚠️ Critical: tmux Pane Execution Risk
This skill sends user-provided strings into tmux panes via tmux send-keys.
How it works:
- 1. Script creates tmux session
- Runs
agent --print --trust 'TASK' in the pane - Captures pane output and returns to agent
Risk: If the pane is running a shell, any text sent via send-keys will be executed. While we escape arguments at the JavaScript level, special characters/control sequences could still affect the shell.
Mitigation:
- - Use in isolated environments (container/VM) for untrusted tasks
- Don't run on production machines with live secrets
- Review task strings before sending
Recommendations
| Environment | Recommendation |
|---|
| Personal dev machine | ✅ Safe for normal projects |
| Open source work |
✅ Safe |
| Corporate environment | ⚠️ Review with security team first |
| Production server | ❌ Not recommended |
| Machine with high-value secrets | ❌ Use isolated container/VM |
Security Features (v1.0.0+)
- - ✓ Shell argument escaping via single-quote method (prevents injection)
- ✓ tmux literal mode (
-l flag) for all send-keys commands - ✓ Email redaction (
***@domain.com) - ✓ API key/token redaction in output
- ✓ No autonomous execution (
always: false) - ✓ No remote code download
- ✓ Explicit permissions declared in manifest
- ✓ Isolated mode with minimal environment (hardcoded PATH)
🎯 Use Cases
| Scenario | Recommended Mode | Description |
|---|
| Quick tasks | Interactive | Direct �INLINECODE13 |
| Long-running coding |
Background | tmux-managed, no timeout |
| CI/CD automation | Non-interactive |
agent -p + JSON output |
| Code review | Interactive/Background | With context analysis |
| Large refactoring | Background | Interruptible, resumable |
📦 Installation
1. Install Cursor CLI
⚠️ Security Note: The following install commands use remote scripts. Review them first or use your package manager when possible.
macOS:
�CODEBLOCK0
Linux/WSL:
�CODEBLOCK1
Verify installation:
�CODEBLOCK2
Required Dependencies:
- -
tmux - Terminal multiplexer (required for background tasks) - INLINECODE16� or
cursor-agent - Cursor CLI (required) - INLINECODE18� - Optional, or use
agent login for browser auth
2. Authentication
CODEBLOCK3
3. Install tmux (Required for background tasks)
CODEBLOCK4�
🛠️ OpenClaw Tools
Tool List
| Tool | Description | Example |
|---|
| INLINECODE20 | Start background Cursor task (standard mode) | INLINECODE21 |
| INLINECODE22 |
Start task with minimal environment |
use_cursor_spawn_isolated "task" |
|
use_cursor_check | Check task status |
use_cursor_check session-name |
|
use_cursor_send | Send additional instructions |
use_cursor_send session-name "make it async" |
|
use_cursor_kill | End task |
use_cursor_kill session-name |
|
use_cursor_list | List all tasks |
use_cursor_list |
|
use_cursor_doctor | Diagnose environment |
use_cursor_doctor |
Execution Modes
| Mode | Script | Use Case |
|---|
| Standard | INLINECODE34 | Normal development, trusted tasks |
| Isolated |
spawn-isolated.sh | Untrusted inputs, shared machines |
|
Container | Docker/Podman | Maximum isolation (manual setup) |
🚀 Usage
Method 1: Background Task Mode (Recommended for large jobs)
CODEBLOCK5
Follow-up operations:
�CODEBLOCK6
Method 2: Direct Run Mode (Small tasks)
CODEBLOCK7
Method 3: Interactive Mode (Local debugging)
CODEBLOCK8�
📋 Cursor CLI Command Reference
Basic Commands
| Command | Description |
|---|
| INLINECODE36 | Start interactive session |
| INLINECODE37 |
Execute task directly |
|
agent -p "task" | Print mode (for scripts) |
|
agent --model <name> | Specify model |
|
agent --resume="<id>" | Resume session |
|
agent ls | List sessions |
|
agent resume | Resume most recent session |
|
agent models | List available models |
|
agent update | Update CLI |
Slash Commands (Interactive Mode)
| Command | Description |
|---|
| INLINECODE45 | Switch models |
| INLINECODE46 |
Compress session history |
|
/rules | Manage rules |
|
/commands | Manage custom commands |
|
/mcp enable <server> | Enable MCP server |
|
/mcp disable <server> | Disable MCP server |
Keyboard Shortcuts
| Shortcut | Description |
|---|
| INLINECODE51 | New line |
| INLINECODE52 |
Exit (requires double-press) |
|
Ctrl+R | Review changes |
|
↑/↓ | History messages |
🔧 Background Task Architecture
CODEBLOCK9
tmux Session Management
CODEBLOCK10�
📊 Workflows
Code Review
CODEBLOCK11
Refactoring
CODEBLOCK12
Debugging
CODEBLOCK13
Git Integration
CODEBLOCK14
CI/CD
CODEBLOCK15�
⚠️ Notes
TTY Issues
❌ These will hang:
�CODEBLOCK16
✅ Correct approach:
�CODEBLOCK17
Timeout Protection
- - Small tasks (<5 min): Use
use_cursor_run directly - Medium tasks (5-30 min): Background mode + periodic checks
- Large tasks (>30 min): Background mode +分段 execution
Resource Management
- - Each tmux session uses ~50-100MB memory
- Recommend max 3-5 concurrent background tasks
- Use
use_cursor_kill to clean up completed tasks
🏥 Troubleshooting
use_cursor_doctor Checklist
- 1. ✅ tmux installed
- ✅ agent CLI executable
- ✅ Authentication status (CURSORAPIKEY or login)
- ✅ Working directory permissions
- ✅ Network connectivity
Common Issues
Q: Task exits immediately after starting
- - Check Cursor authentication status
- Ensure working directory has code
Q: tmux session not found
- - Run
use_cursor_list to check active sessions - May have been killed or timed out
Q: Garbled output
- - tmux encoding issue, try �INLINECODE59
Security FAQs
Q: Does this skill send my code to external servers?
- - A: No. Code stays on your machine. Cursor CLI may send to Anthropic/Claude API (that's how Cursor works).
Q: Can this skill access my Cursor API key?
- - A: It can detect if
$CURSOR_API_KEY is set, but doesn't log or transmit it.
Q: Is my email address exposed?
- - A: No. Email is redacted to
***@domain.com in all outputs.
Q: Can malicious input cause shell injection?
- - A: v1.0.0+ escapes all shell arguments. Earlier versions had this risk.
📁 File Structure
CODEBLOCK18�
🔗 References
Version: 1.0.1
Merged from: cursor-agent (2.1.0) + openclaw-cursor-agent (1.0.0)
Authors: Bruce + 凤雏 🦞
Skill Name: use-cursor
Changelog
v1.0.4 (2026-03-31)
- - ✅ Fixed: Newline/control character injection vulnerability - now sanitized before escaping
- ✅ Added: Control char removal (/[\x00-\x1f\x7f]/g) to prevent all tmux control sequence attacks
- ✅ Updated: SECURITY.md with sanitization documentation
- ✅ Fixed: Documentation mismatch - changed "JSON.stringify()" to "single-quote method" in SECURITY.md
- ✅ Fixed: Repository/homepage URLs updated to openclaw/skills (no more placeholders)
- ✅ Fixed: Added source field to manifest.json for provenance tracking
- ✅ Enhanced: Detailed code comments explaining why childprocess is safe
- ✅ Clarified: Static analysis flag (childprocess) is FALSE POSITIVE for this use case
- ✅ Updated: manifest.json notes with child_process justification
v1.0.1 (2026-03-31)
- - ✅ Fixed: spawn-isolated.sh
cd command now uses -l flag - ✅ Verified: ALL tmux send-keys use literal mode (-l)
- ✅ Updated: manifest.json with detailed security notes
- ✅ Clarified: Default mode inherits env, isolated mode uses env -i
v1.0.0 (2026-03-31)
- - Initial release with security hardening
使用 Cursor - OpenClaw + Cursor CLI 集成
使 OpenClaw 能够执行 Cursor CLI 以完成各种软件工程任务,支持交互模式、后台任务、CI/CD 等。
🔒 安全说明
安装前,请了解以下安全影响:
此技能的功能
- - ✅ 通过 tmux 管理 Cursor CLI 任务(既定用途)
- ✅ 读取 ~/.cursor/cli-config.json 以检查认证状态(输出中邮箱已脱敏)
- ✅ 捕获 tmux 窗格输出(可能包含工作区代码/数据)
- ✅ 所有 shell 参数均已转义以防止注入
- ✅ 安装时不下载远程代码
隐私考量
| 数据访问 | 用途 | 保护措施 |
|---|
| ~/.cursor/cli-config.json | 检查认证状态 | 邮箱已脱敏(显示为 *@domain.com) |
| ~/.cursor/credentials |
检查认证状态 | 不读取,仅检查是否存在 |
| $CURSOR
APIKEY | 可选认证 | 不记录或存储 |
| $PATH、$HOME 等 | 由子进程继承 | 不修改或记录 |
| tmux 输出 | 返回任务结果 | 可能包含工作区数据 |
⚠️ 关键:tmux 窗格执行风险
此技能通过 tmux send-keys 将用户提供的字符串发送到 tmux 窗格中。
工作原理:
- 1. 脚本创建 tmux 会话
- 在窗格中运行 agent --print --trust TASK
- 捕获窗格输出并返回给 agent
风险: 如果窗格正在运行 shell,通过 send-keys 发送的任何文本都将被执行。虽然我们在 JavaScript 层面转义了参数,但特殊字符/控制序列仍可能影响 shell。
缓解措施:
- - 在隔离环境(容器/虚拟机)中用于不受信任的任务
- 不要在包含实时密钥的生产机器上运行
- 发送前检查任务字符串
建议
✅ 安全 |
| 企业环境 | ⚠️ 先与安全团队审查 |
| 生产服务器 | ❌ 不推荐 |
| 包含高价值密钥的机器 | ❌ 使用隔离容器/虚拟机 |
安全特性(v1.0.0+)
- - ✓ 通过单引号方法进行 Shell 参数转义(防止注入)
- ✓ 所有 send-keys 命令使用 tmux 字面模式(-l 标志)
- ✓ 邮箱脱敏(*@domain.com)
- ✓ 输出中 API 密钥/令牌脱敏
- ✓ 无自主执行(always: false)
- ✓ 无远程代码下载
- ✓ 清单中声明了显式权限
- ✓ 使用最小环境的隔离模式(硬编码 PATH)
🎯 使用场景
| 场景 | 推荐模式 | 描述 |
|---|
| 快速任务 | 交互式 | 直接使用 agent 任务描述 |
| 长时间编码 |
后台 | tmux 管理,无超时 |
| CI/CD 自动化 | 非交互式 | agent -p + JSON 输出 |
| 代码审查 | 交互式/后台 | 附带上下文分析 |
| 大型重构 | 后台 | 可中断、可恢复 |
📦 安装
1. 安装 Cursor CLI
⚠️ 安全说明: 以下安装命令使用远程脚本。请先审查它们,或尽可能使用包管理器。
macOS:
bash
推荐:使用 Homebrew(先审查公式)
brew install --cask cursor-cli
替代方案:官方安装程序(在 https://cursor.com/install 审查)
curl https://cursor.com/install -fsS | bash
Linux/WSL:
bash
先下载并检查安装程序
curl -fsS https://cursor.com/install -o cursor-install.sh
less cursor-install.sh # 运行前审查
bash cursor-install.sh
或检查是否可通过包管理器获取
验证安装:
bash
agent --version
或
cursor-agent --version
必需依赖:
- - tmux - 终端复用器(后台任务必需)
- agent 或 cursor-agent - Cursor CLI(必需)
- CURSORAPIKEY - 可选,或使用 agent login 进行浏览器认证
2. 认证
bash
agent login
或设置 API 密钥
export CURSOR
APIKEY=your
apikey_here
3. 安装 tmux(后台任务必需)
bash
Ubuntu/Debian
sudo apt install tmux
macOS
brew install tmux
CentOS/RHEL
sudo yum install tmux
🛠️ OpenClaw 工具
工具列表
| 工具 | 描述 | 示例 |
|---|
| usecursorspawn | 启动后台 Cursor 任务(标准模式) | usecursorspawn 重构此模块 |
| usecursorspawnisolated |
以最小环境启动任务 | usecursor
spawnisolated 任务 |
| use
cursorcheck | 检查任务状态 | use
cursorcheck 会话名称 |
| use
cursorsend | 发送额外指令 | use
cursorsend 会话名称 使其异步 |
| use
cursorkill | 结束任务 | use
cursorkill 会话名称 |
| use
cursorlist | 列出所有任务 | use
cursorlist |
| use
cursordoctor | 诊断环境 | use
cursordoctor |
执行模式
| 模式 | 脚本 | 使用场景 |
|---|
| 标准 | spawn.sh | 正常开发,受信任任务 |
| 隔离 |
spawn-isolated.sh | 不受信任输入,共享机器 |
|
容器 | Docker/Podman | 最大隔离(手动设置) |
🚀 使用方法
方法 1:后台任务模式(推荐用于大型任务)
用户:帮我使用 Cursor 在后台重构此模块
→ 调用:usecursorspawn 重构 src/ 目录以提高性能
→ 返回:任务 ID + tmux 会话名称
后续操作:
用户:检查该任务的进度
→ 调用:usecursorcheck <会话名称>
用户:告诉该任务:改为 TypeScript
→ 调用:usecursorsend <会话名称> 用 TypeScript 实现
用户:停止该 Cursor 任务
→ 调用:usecursorkill <会话名称>
方法 2:直接运行模式(小任务)
用户:为我编写一个单元测试
→ 调用:usecursorrun 为 src/utils.ts 编写单元测试
→ 等待完成,返回结果
方法 3:交互模式(本地调试)
bash
启动交互式会话
agent
或直接使用任务
agent 修复此错误
切换模型
/models
添加上下文
@src/api/
@src/models/
📋 Cursor CLI 命令参考
基本命令
直接执行任务 |
| agent -p 任务 | 打印模式(用于脚本) |
| agent --model <名称> | 指定模型 |
| agent --resume=
| 恢复会话 |
| agent ls | 列出会话 |
| agent resume | 恢复最近的会话 |
| agent models | 列出可用模型 |
| agent update | 更新 CLI |
斜杠命令(交互模式)
压缩会话历史 |
| /rules | 管理规则 |
| /commands | 管理自定义命令 |
| /mcp enable <服务器> | 启用 MCP 服务器 |
| /mcp disable <服务器> | 禁用 MCP 服务器 |
键盘快捷键
退出(需双击) |
| Ctrl+R | 审查更改 |
| ↑/↓ | 历史消息 |
🔧 后台任务架构
用户(Discord/飞
