Setting Up GuardClaw for Cursor
How to add GuardClaw's security layer to Cursor's AI agent. Same protection, different integration path.
Key takeaways
- Cursor's agent mode gives AI full access to your project. GuardClaw adds the security gate between decisions and actions.
- The setup uses GuardClaw's MCP server mode, which Cursor connects to as a tool provider.
- Same detection engine, same receipt chain, same dashboard. Different integration path.
Cursor’s agent mode is powerful. It reads your codebase, generates code, runs terminal commands, and manages files — all within your IDE. You stay in the editor while the agent works.
That agent is operating with your permissions. Every terminal command it runs, every file it creates or modifies, every process it starts — it’s doing it as you. If the agent makes a mistake, or if a prompt injection in a file it reads causes it to behave unexpectedly, the consequences are real.
GuardClaw adds a security gate to Cursor’s agent. This post shows how to set it up using MCP server mode.
How it works with Cursor
Cursor supports MCP (Model Context Protocol) servers as tool providers. GuardClaw can run as an MCP server that sits between Cursor’s agent and the actions it takes.
The flow:
- Cursor’s agent decides to take an action
- The action passes through GuardClaw’s MCP server
- GuardClaw checks it against the security policy and detection engine
- Safe actions execute normally
- Dangerous actions get blocked
- A receipt is logged either way
From Cursor’s perspective, GuardClaw is just another tool provider. The agent doesn’t know it’s being supervised.
Step 1: Start GuardClaw in MCP mode
If you haven’t installed GuardClaw yet, follow the Getting Started guide first.
Start GuardClaw as an MCP server:
guardclaw serve --mode mcp
This starts GuardClaw in stdio-based MCP mode, ready to receive tool calls from Cursor. It runs locally — no external connections needed.
For background operation, you can use the daemon:
guardclaw daemon start
This keeps GuardClaw running in the background so you don’t need a separate terminal window.
Step 2: Configure Cursor
In Cursor, open Settings and navigate to the MCP section. Add GuardClaw as an MCP server by pointing to the GuardClaw binary.
The configuration depends on your Cursor version, but the key settings are:
- Command: the path to your GuardClaw binary (usually /opt/homebrew/bin/guardclaw on macOS)
- Arguments: serve --mode mcp
- Type: stdio
Once configured, Cursor routes tool calls through GuardClaw before executing them.
Step 3: Verify the connection
Check that GuardClaw sees the connection:
guardclaw doctor
You should see the MCP server status reported as active. If not, check that the path to the GuardClaw binary is correct in your Cursor settings.
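To check the Cursor side of that connection, the added example below (not part of GuardClaw or Cursor) inspects one MCP server entry for the Step 2 settings and for a binary path that other users could modify. It assumes Cursor stores MCP servers in a JSON file under an `mcpServers` object with `command`, `args` and `type` keys; the entry name `guardclaw` and the sample config are constructed.

```python
import json
import os
import stat

EXPECTED_ARGS = ["serve", "--mode", "mcp"]  # arguments given in Step 2

def check_entry(config_text, name="guardclaw"):
    """Return a list of problems with one MCP server entry (empty list = OK)."""
    try:
        data = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [f"config is not valid JSON: {exc}"]
    servers = data.get("mcpServers", {}) if isinstance(data, dict) else {}
    entry = servers.get(name)
    if entry is None:
        return [f"no MCP server entry named {name!r}"]
    problems = []
    command = entry.get("command", "")
    if not os.path.isabs(command):
        # A bare name is resolved through PATH, so a different binary could run.
        problems.append("command is not an absolute path")
    elif not os.path.isfile(command):
        problems.append("command path does not exist")
    else:
        if not os.access(command, os.X_OK):
            problems.append("command is not executable")
        if os.stat(command).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            # Cursor launches this file with your permissions.
            problems.append("command is writable by group or others")
    if entry.get("args") != EXPECTED_ARGS:
        problems.append(f"args should be {EXPECTED_ARGS}")
    if entry.get("type", "stdio") != "stdio":
        problems.append("type should be stdio")
    return problems

# Constructed sample config; the mcpServers layout is an assumption.
SAMPLE = json.dumps({"mcpServers": {"guardclaw": {
    "command": "/opt/homebrew/bin/guardclaw",
    "args": ["serve", "--mode", "mcp"],
    "type": "stdio"}}}, indent=2)

if __name__ == "__main__":
    for line in check_entry(SAMPLE) or ["entry looks correct"]:
        print(line)
```

Pass it the contents of your own Cursor MCP config file in place of `SAMPLE`; an empty list means the entry matches the settings above.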
What’s different from Claude Code
The security coverage is the same — same detection engine, same 1,000+ patterns, same receipt chain, same dashboard. The difference is how the integration connects:
- Claude Code uses hooks (PreToolUse/PostToolUse) that inject into Claude Code’s own tool execution pipeline
- Cursor uses MCP server mode, where GuardClaw acts as an intermediary tool provider
Both approaches give you the same result: every action passes through GuardClaw before it executes.
Same dashboard, same receipts
Whether your agent is Claude Code, Cursor, or something else, all the security data flows to the same place. Receipts from different agents show up in the same dashboard. You can filter by agent type to see what each one is doing.
If you’re running both Claude Code and Cursor on the same project, both streams of receipts land in the same workspace. One audit trail, one set of policies, one view of everything.
Next post: how the receipt chain works under the hood — what it proves, why it matters for audits, and how to verify it hasn’t been tampered with.