I was worried about the lack of security in shared .cursorrules, so I built a static analyzer to audit them.

Hey everyone, I’ve been using Cursor heavily lately, and like many of you, I’ve been grabbing .cursorrules and AI scripts from GitHub and various "libraries" to boost my productivity. But it started feeling like a security black box. We’re essentially running untrusted, 3rd-party instructions with full access to our source code, terminal, and .env files. I decided to build a small tool called AgentFend to solve this for myself. It uses a static analysis engine I’m calling Onyx to scan prompts and scripts before you hit "Enter". What it actually looks for right now: 🚩 Data Exfiltration: Detecting if a prompt tries to send your code/keys to an external URL. 🚨 Prompt Injections: Identifying instructions that try to override your agent's safety guardrails. 🔑 Sensitive File Access: Flagging rules that shouldn't be touching your .aws or .ssh folders. It assigns a security score (0-100) and explains why a script might be sketchy. It’s 100% free and I don't store your code. I’m really looking

I was worried about the lack of security in shared .cursorrules, so I built a static analyzer to audit them.

Related Articles

This is the lowest price on a 64GB RAM kit I've seen in months

What Is Computer Science? (Learn This Before It’s Too Late)

how to make programming terrible for everyone

Rob Pike’s 5 Rules: The Secret to Building Systems That Actually Survive Production

Bipolar and Sleep Deprivation: What Actually Happens

Related Articles

How-To
This is the lowest price on a 64GB RAM kit I've seen in months
ZDNet • 5h ago

How-To
What Is Computer Science? (Learn This Before It’s Too Late)
Medium Programming • 5h ago

How-To
how to make programming terrible for everyone
Lobsters • 7h ago

How-To
Rob Pike’s 5 Rules: The Secret to Building Systems That Actually Survive Production
Medium Programming • 7h ago

How-To
Bipolar and Sleep Deprivation: What Actually Happens
Dev.to • 8h ago