ClawHub
Back to skill
v0.1.0

Cancel Task

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:14 AM.

Analysis

This skill is purpose-aligned for cancelling an OpenAnt task, but it performs an irreversible authenticated account action and uses an unpinned CLI package, so users should confirm details carefully.

GuidanceInstall only if you intend to let the agent help cancel OpenAnt tasks from your authenticated account. Before confirming, check the task ID, title, status, reward, and assignee, because cancellation is irreversible.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusNote
SKILL.md
Cancellation is **irreversible** — always confirm with the user before running `tasks cancel`

The skill invokes a high-impact command that cancels a marketplace task, but it explicitly requires confirmation before doing so.

User impactIf used on the wrong task, the task could be removed and an assigned worker could be affected.
RecommendationBefore approving cancellation, verify the task title, status, reward amount, and whether anyone is assigned.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
Bash(npx @openant-ai/cli@latest tasks cancel *)

The skill runs the OpenAnt CLI through `npx` using the `@latest` tag, so the package version executed at runtime is not pinned.

User impactBehavior depends on the currently published CLI package version.
RecommendationUse only if you trust the OpenAnt CLI package; pinning a reviewed CLI version would reduce supply-chain ambiguity.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
Only the **task creator** can cancel.

The command acts through the authenticated OpenAnt creator account, which is expected for this purpose but still uses delegated account authority.

User impactCommands run as the currently authenticated OpenAnt user and can affect tasks owned by that account.
RecommendationConfirm you are logged into the intended OpenAnt account before cancelling.