Cursor
Install (Recommended)
Install StackHawk rules to your global Cursor config so they’re available in every project:
# Clone the agent-skills repo
git clone https://github.com/stackhawk/agent-skills.git /tmp/stackhawk-skills
# Install Cursor rules to your global config
bash /tmp/stackhawk-skills/scripts/install.sh --platform cursor --target ~
# Clean up
rm -rf /tmp/stackhawk-skills# Clone the agent-skills repo
git clone https://github.com/stackhawk/agent-skills.git $env:TEMP\stackhawk-skills
# Install Cursor rules to your global config
& "$env:TEMP\stackhawk-skills\scripts\install.ps1" -Platform cursor
# Clean up
Remove-Item -Recurse -Force "$env:TEMP\stackhawk-skills"CMD users: use PowerShell (built into Windows 10+) or WSL.
Global rules in ~/.cursor/rules/ are loaded automatically in every project you open.
Install hawk and hawkop
brew tap stackhawk/cli && brew install hawk hawkopDownload and run the installers from docs.stackhawk.com/downloads:
- hawk — Windows MSI (includes bundled Java)
- hawkop — Windows MSI
CMD users: use PowerShell (built into Windows 10+) or WSL.
Then authenticate both CLIs:
hawk init
hawkop inithawk init prompts for your API key (hawk.xxxxxxxxxx.xxxxxxxxxx) — get one at app.stackhawk.com → Settings → API Keys. hawkop init picks up the key automatically and prompts for your default organization.
Verify
Open any project in Cursor. Ask the AI: “What StackHawk rules do you have?” It should describe HawkScan scanning and API reporting capabilities.
Usage
Ask Cursor’s AI to scan your application:
Scan my app running on localhost:8080 for security vulnerabilitiesTips
- Install once, scan everywhere: Global rules in
~/.cursor/rules/work across all projects - The rules are split into 10 modular files so Cursor loads only what’s relevant for the current task
- The agent checks if your app is running and will prompt you to start it if needed