Cancel Dispatch Run

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill’s main purpose is coherent, but its cancel script can treat a slash-containing run id as a filesystem path and then kill the tmux session described there, which may exceed the intended run directory scope.

Use this only if you need to cancel local dispatch or ralph-loop runs. Before installing or invoking it, verify the run id format and avoid passing path-like values. A safer version should strictly validate and canonicalize the target run directory before sending tmux commands or rewriting metadata.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or crafted run id could potentially target a directory outside the intended dispatch-results tree, causing the agent to cancel the wrong local tmux session and modify the wrong metadata file.

Why it was flagged

A slash-containing user argument is appended to RESULTS_BASE without rejecting '..' path traversal or extra path segments, and without canonicalizing the result. The script then reads task-meta.json from that directory, kills the referenced tmux session, and rewrites the metadata file.

Skill content

if [[ "$RUN_ID" == */* ]]; then
  CANDIDATE="$RESULTS_BASE/$RUN_ID"
  [[ -d "$CANDIDATE" ]] && TARGET_DIR="$CANDIDATE"
...
tmux -S "$SOCKET_PATH" kill-session -t "$TMUX_SESSION"
...
jq --arg ts "$(date -Iseconds)" '. + {status:"cancelled", completed_at:$ts, exit_code:130}' "$META" > "$META.tmp" && mv "$META.tmp" "$META"

Recommendation

Restrict run ids to safe project/run-id characters, reject '..' and absolute paths, canonicalize the resolved path, verify it remains under RESULTS_BASE, and consider confirming the resolved run directory before killing the session.