Hey everyone,
I’ve been using Cursor to build SkillsSafe.com — a free tool designed to keep our AI agent environments safe.
The Problem: With the explosion of MCP servers and shared SKILL.md files, I got paranoid about what these agents were actually doing in the background. Can they read my .ssh/id_rsa? Are they exfiltrating data?
The Solution (Built with Cursor): Using Cursor’s Composer and the new MCP capabilities, I quickly bootstrapped this security scanner. It audits:
-
Credential theft patterns -
Hidden network webhooks -
Prompt/Shell injections -
Zero-width Unicode characters
How to integrate with Cursor: You can use it directly as an MCP server to scan other tools before you trust them: https://mcp.skillssafe.com/sse
Cursor made the dev process 10x faster, especially in handling the SSE implementation for MCP.
Check it out at skillssafe.com. I’d love to hear what the Cursor community thinks!
Cheers!
“P.S. I’ve also added an llms.txt for those of you who want to explore the API docs using Cursor’s @Docs feature!”