Hello guys, I am new to Cursor. It is very exciting to use and seems very productive too, provided the right task description and size.
I recently read articles and saw videos about an alleged severe security incident involving what seems to be an ungoverned Extensions Marketplace dubbed OpenVSX that is built into Cursor? Further, I understand Cursor has no access to the somewhat vetted VS Code Extension Marketplace.
Malicious VSCode extension in Cursor IDE led to $500K crypto theft
Further, I understand that OpenVSX ratings, download counts and pretty much all metadata about extensions are spoofable.
This pretty much means any and all installs of extensions in Cursor carry catastrophic security risks for both corporate and personal users alike. This looks like CVE 10.0!
So Cursor is only safe to use in barebones mode with zero extensions. Is this correct?
Is there some official response? Is it possible to use extensions in Cursor with any degree of safety? I don’t know, things like signed extensions? Some vetting process?
How are people going about this?
I wanted to install the Mermaid extension described in the Cursor docs, and even that search produced results that seem to include dodgy entries. So the problem is abundant, it seems.