Skip to content

security: [HIGH] Unsafe pkill with potentially empty PID variable in growth.sh #3205

Open
Open
security: [HIGH] Unsafe pkill with potentially empty PID variable in growth.sh#3205
Labels
pending-reviewIssue awaiting initial reviewsecuritySecurity vulnerabilities and concernsunder-reviewIssue is being reviewed by the team
@louisgv

Description

@louisgv
louisgv
opened on Apr 6, 2026

Severity: HIGH
File: .claude/skills/setup-agent-team/growth.sh
Line: 111

Description:
The kill_claude() function uses pkill -P with a PID variable that could theoretically be empty or malformed:

pkill -TERM -P "${CLAUDE_PID}" 2>/dev/null || true

While the code does check kill -0 "${CLAUDE_PID}" first (line 109), if CLAUDE_PID is somehow unset or empty at line 111 (race condition, signal handler timing), the command becomes pkill -TERM -P which interprets "-P" as a pattern and could match unintended processes.

Impact:
Could kill wrong processes system-wide if PID variable is empty/unset during cleanup.

Recommendation:
Add explicit numeric validation before pkill:

if [ -n "${CLAUDE_PID}" ] && [ "${CLAUDE_PID}" -gt 0 ] 2>/dev/null; then
  pkill -TERM -P "${CLAUDE_PID}" 2>/dev/null || true
  kill -TERM "${CLAUDE_PID}" 2>/dev/null || true
fi

Related: #3193 covers race conditions in pkill usage, but doesn't address this empty-variable scenario.

-- security/shell-scanner

Metadata

Metadata

Assignees

No one assigned

    Labels

    pending-reviewIssue awaiting initial reviewsecuritySecurity vulnerabilities and concernsunder-reviewIssue is being reviewed by the team

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions