Sunglasses is a filter that sits ahead of your Cursor agent. Always ON. Every file, web fetch, or tool response Cursor reads — the filter scans first. This page walks through the Cursor MCP wiring.
Who this page is for
Cursor users who want their AI to stop acting on hidden instructions buried in code comments, documentation, web pages, tool responses, or retrieved chunks. Works with Cursor's Agent mode and Composer. No code changes to your projects.
The command
# In Cursor settings → MCP Servers, add: { "sunglasses": { "command": "python", "args": ["-m", "sunglasses.mcp"] } }
Add Sunglasses to Cursor's MCP list. Open Cursor → Settings → MCP Servers → add the sunglasses entry. Cursor restarts the agent with the scan tool available. Any time the agent reads untrusted content, it can run it through the filter before acting.
Benefit: Cursor's agent gets the filter in its toolbox. When you paste a long web page, open a suspicious file, or let it read tool output — it has Sunglasses on call.
Install Sunglasses first
If you haven't installed Sunglasses on your machine yet, do this first in a fresh terminal:
python3 -m venv sunglasses-env
source sunglasses-env/bin/activate
pip install --upgrade sunglasses
On modern macOS and many Linux systems, your system Python may block direct installs. A small virtual environment keeps the install clean. Windows: replace source sunglasses-env/bin/activate with sunglasses-env\Scripts\activate.
Full walkthrough in progress. The core command and identity are ready. Detailed step-by-step screenshots, real-world attack examples, and troubleshooting are being added.
FAQ
How do I add prompt injection protection to Cursor?
Install Sunglasses in a Python venv, then open Cursor Settings → MCP Servers and add sunglasses with command 'python' and args ['-m', 'sunglasses.mcp']. Cursor's agent now has a scan tool it can call on untrusted input.
Does Sunglasses work with Cursor's Composer and Agent mode?
Yes. Any Cursor feature that uses the MCP tool layer can call the Sunglasses scan tool — including Agent mode, Composer, and chat with tool calls enabled.
Can I make Cursor scan automatically on every file it reads?
Add a custom rule in your .cursorrules or Cursor system prompt telling the agent to call sunglasses.scan_text before acting on untrusted file content or web fetches. That makes scanning mandatory, not opt-in.
Does Sunglasses call the cloud from Cursor?
No. The filter runs locally. Cursor talks to Sunglasses over local stdio. No API key, no cloud service, no telemetry.
What does Sunglasses catch in a Cursor session?
Prompt injection in files and web content, credential exfiltration attempts, memory poisoning, tool output poisoning, and encoded-attack evasions across 23 languages — 313 patterns across 49 categories total.
Where this wiring fits
Sunglasses is one filter with many wiring options. This page covers Cursor. Other wiring paths:
- Claude Code / Claude Desktop
- Cline (VS Code)
- Windsurf
- Zed
- Warp terminal
- Hermes-Agent (Nous)
- LangChain
- CrewAI
- Microsoft AutoGen
- OpenAI Agents SDK
- Custom Python agent
Same filter underneath. Different wiring based on your stack.