cursor-before-mcp-execution-guard
Block destructive MCP tool calls (shell passthroughs, out-of-workspace deletes) before execution in Cursor.
hook
BeforeMCPExecution
cursor
mode: enforce
config/hook-registry.json (entry) wagents/hooks/policies/before_mcp_execution.py (decision)
Block destructive MCP tool calls (shell passthroughs, out-of-workspace deletes) before execution in Cursor.
Registry Entry
Section titled “Registry Entry”| Field | Value |
|---|---|
| id | cursor-before-mcp-execution-guard |
| status_message | Checking MCP-execution safety |
| mode | enforce |
| logical_event | BeforeMCPExecution |
| command | python3 {repo_root}/hooks/wagents-hook.py cursor-before-mcp-execution-guard --harness {harness} |
| timeout | 5 |
| harnesses | ["cursor"] |
Full hook config + policy reference
{ "id": "cursor-before-mcp-execution-guard", "description": "Block destructive MCP tool calls (shell passthroughs, out-of-workspace deletes) before execution in Cursor.", "status_message": "Checking MCP-execution safety", "mode": "enforce", "logical_event": "BeforeMCPExecution", "command": "python3 {repo_root}/hooks/wagents-hook.py cursor-before-mcp-execution-guard --harness {harness}", "timeout": 5, "harnesses": [ "cursor" ]}def evaluate_before_mcp_execution(tool_name: str, params: dict[str, Any] | None) -> str | None: """Return a deny reason for dangerous MCP calls, else None.""" # Blocks destructive commands passed through MCP shell tools and # absolute / path-traversal deletes that escape the workspace. ...Command: python3 .../wagents-hook.py cursor-before-mcp-execution-guard --harness cursor
Resources
Section titled “Resources”Hooks HubAll repo-managed lifecycle hooks.
wagents hooksInspect and validate hooks via CLI.
