Please report suspected vulnerabilities privately to security@close.com. Do not open a public issue for a security vulnerability.
This plugin contains no credentials and does not proxy Close data. Cursor connects directly to Close's hosted MCP server over HTTPS and authenticates through Close OAuth. Users choose the Close organization and permission scope during authorization and can revoke access from their Close account.