HN Reader

Show HN: Mudra – Make your startup rank in ChatGPT/Perplexity and LLMs (trymudra.com)

2 points by NanocodesAI 46m ago 1 comments

Show HN: OS X Mavericks Forever (mavericksforever.com)

380 points by Wowfunhappy 4d ago 171 comments

Show HN: SFOR – minimal, no-backtracking, typed data format (experimental) (github.com)

2 points by brucekaushik 3h ago 0 comments

Show HN: Splice – CAD for Cable Harnesses and Electrical Assemblies (splice-cad.com)

79 points by djsdjs 19h ago 15 comments

Show HN: Ultra-fast, embedded KV store in pure Rust (github.com)

16 points by mehrant 8h ago 5 comments

Show HN: Using Common Lisp from Inside the Browser (turtleware.eu)

105 points by jackdaniel 1d ago 29 comments

Show HN: I replaced vector databases with Git for AI memory (PoC) (github.com)

187 points by alexmrv 1d ago 43 comments

Show HN: ChartDB Cloud – Visualize and Share Database Diagrams (app.chartdb.io)

96 points by Jonathanfishner 1d ago 13 comments

Show HN: I integrated my from-scratch TCP/IP stack into the xv6-riscv OS (github.com)

4 points by pandax381 7h ago 0 comments

Show HN: I was curious about spherical helix, ended up making this visualization (visualrambling.space)

838 points by damarberlari 2d ago 132 comments

Show HN: Luminal – Open-source, search-based GPU compiler (github.com)

143 points by jafioti 2d ago 60 comments

Show HN: PlutoPrint – Generate PDFs and PNGs from HTML with Python (github.com)

155 points by sammycage 1d ago 46 comments

Show HN: Project management system for Claude Code (github.com)

168 points by aroussi 2d ago 108 comments

Show HN: Anchor Relay – A faster, easier way to get Let's Encrypt certificates (anchor.dev)

80 points by geemus 2d ago 56 comments

Show HN: Claudable – OpenSource Lovable that runs locally with Claude Code (github.com)

33 points by aaronSong 1d ago 7 comments

Show HN: What country you would hit if you went straight where you're pointing (apps.apple.com)

79 points by brgross 2d ago 39 comments

Show HN: Nestable.dev – local whiteboard app with nestable canvases, deep links (nestable.dev)

54 points by anorak27 1d ago 24 comments

Show HN: Playing Piano with Prime Numbers (nabraj.com)

8 points by coffeecoders 4d ago 5 comments

Show HN: Lumo – a tiny fluffy virtual pet you can play with in the browser (youware.com)

2 points by rand_num_gen 13h ago 2 comments

Show HN: Typed-arrow – compile‑time Arrow schemas for Rust (github.com)

48 points by ethegwo 4d ago 7 comments

Show HN: Whispering – Open-source, local-first dictation you can trust (github.com)

579 points by braden-w 3d ago 151 comments

Show HN: GPT-5 vs. Claude 4 Sonnet on 200 Requests Benchmark (github.com)

3 points by anwarlaksir 14h ago 0 comments

Show HN: I built an app to block Shorts and Reels (scrollguard.app)

680 points by adrianhacar 6d ago 304 comments

Show HN: OpenAI/reflect – Physical AI Assistant that illuminates your life (github.com)

89 points by Sean-Der 2d ago 52 comments

Show HN: Strudel Flow, a pattern sequencer built with Strudel and React Flow (github.com)

37 points by moklick 4d ago 7 comments

Show HN: Bizcardz.ai – Custom metal business cards (github.com)

25 points by rhodey 1d ago 31 comments

Show HN: Tool shows UK properties matching group commute/time preferences (closemove.com)

11 points by fryingdan 1d ago 5 comments

Show HN: I built a toy TPU that can do inference and training on the XOR problem (tinytpu.com)

133 points by evxxan 3d ago 24 comments

Show HN: SIMD-Optimized Bloom Filters in Mojo for Large-Scale Systems (github.com)

2 points by seiflotfy 17h ago 0 comments

Show HN: I've made an easy to extend and flexible JavaScript logger (github.com)

17 points by inshinrei 3d ago 9 comments

Show HN: Convosphere – Real-life proximity chat (convosphere.app)

2 points by jothetaha 20h ago 4 comments

Show HN: Chat with Your Wearables Data (getfast.ai)

4 points by tmulc18 20h ago 0 comments

Show HN: Tap – Interactive CLI Prompts for Go (Clack Port) (github.com)

3 points by yar-kravtsov 20h ago 0 comments

Show HN: Fractional jobs – part-time roles for engineers (fractionaljobs.io)

272 points by tbird24 3d ago 130 comments

Show HN: We started building an AI dev tool but it turned into a Sims-style game (youtube.com)

155 points by maxraven 3d ago 76 comments

Show HN: Okapi – a metrics engine based on open data formats (github.com)

14 points by kushal2048 2d ago 5 comments

Show HN: Uprintf a universal stb-style printf implementation for C (no OS)

20 points by Forgret 2d ago 17 comments

Show HN: Chroma Cloud – serverless search database for AI (trychroma.com)

92 points by jeffchuber 3d ago 40 comments

Show HN: OverType – A Markdown WYSIWYG editor that's just a textarea

462 points by panphora 5d ago 99 comments

Show HN: Hanaco Weather – A poetic weather SNS from the OS Yamato project (github.com)

18 points by tsuyoshi_k 2d ago 8 comments

Show HN: Edka – Kubernetes clusters on your own Hetzner account (edka.io)

437 points by camil 6d ago 128 comments

Show HN: Prime Number Grid Visualizer (enda.sh)

140 points by dduplex 9d ago 51 comments

Show HN: HN – Hacker News in Your Terminal (github.com)

3 points by iShibi 1d ago 0 comments

Show HN: unsafehttp – tiny web server from scratch in C, running on an orange pi (unsafehttp.benren.au)

87 points by GSGBen 5d ago 51 comments

Show HN: Doxx – Terminal .docx viewer inspired by Glow (github.com)

257 points by w108bmg 4d ago 70 comments

Show HN: MCP Server for PostgreSQL Monitoring/Operations (MCP-PostgreSQL-Ops) (github.com)

6 points by call518 1d ago 0 comments

Show HN: 100% Free photo to drawing converter, No signup (picturetodrawing.org)

3 points by pekingzcc 1d ago 2 comments

Show HN: A simple open-source CLI tool for generating invoices from the terminal (github.com)

3 points by genxer 1d ago 1 comments

Show HN: Weam – open-source AI collaboration platform for teams (github.com)

5 points by sky98 1d ago 0 comments

Show HN: Database of >2M creators and brands grouped into categories (infldb.com)

3 points by druskacik 1d ago 0 comments

Cursor runs shell commands straight from files

1 homanp 1 8/22/2025, 11:48:09 AM twitter.com ↗

Comments (1)

homanp · 4h ago
I was experimenting with different injection techniques for a model dataset and came across something… concerning.

If a file contains instructions like “run this shell command,” Cursor doesn’t stop to ask or warn you. It just… runs it. Directly on your local machine.

That means if you:

1) Open a malicious repo 2) Ask to summarize or inspect a file

…Cursor could end up executing arbitrary commands — including things like exfiltrating environment variables or installing malware.

To be clear:

- I’ve already disclosed this responsibly to the Cursor team. - I’m redacting the actual payload for safety. - The core issue: the “human-in-the-loop” safeguard is skipped when commands come from files.

This was a pretty simple injection, nothing facing. Is Cursor outsourcing security to the models or do they deploy strategies to identify/intercept this kind of thing?

Feels like each new feature release could be a potential new attack vector.