ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CtrlZ

v1.0.0

AI Operation Undo System. When user executes /ctrlZ or says "undo last step", automatically revert all file modifications, installations, etc. from the recen...

0· 21·0 current·0 all-time
byChris Lo@chrisluo5311
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The scripts implement a Git-like undo: start/record/undo sessions, back up files, store original content, delete created directories, and track package installs. These capabilities are coherent with the skill's stated purpose of reverting file modifications and related operations.
!
Instruction Scope
The runtime instructions explicitly direct the agent to back up and record any target_path before modification. That is necessary for undoing, but it means the skill can read and persist arbitrary files (original_content stored as base64 in the sqlite DB and copies in backups). This creates a data collection surface (secrets/configs could be stored) and requires the agent to call the recording commands consistently—if not, operations won't be captured.
Install Mechanism
No install spec or remote downloads are used; the skill is instruction-only with bundled shell scripts. Nothing in the package pulls code from external servers during installation.
!
Credentials
The registry metadata lists no required binaries or env vars, but the scripts rely on system tools (sqlite3, jq in examples, base64, cp, rm, sqlite3 CLI). The absence of declared dependencies is an inconsistency. The skill requests no network credentials and does not call external endpoints, which is proportionate to its purpose.
Persistence & Privilege
The skill persists a local sqlite DB and backup files under ~/.openclaw/skills/ctrlz/ (or CTRLZ_DB). It uses destructive operations (rm -rf) to undo directories. always:false (no forced inclusion). Persistence is expected for an undo system, but backups may contain sensitive data and should be protected/cleaned.
What to consider before installing
This skill does implement what it claims, but review and consider the following before installing: - Backups and DB: The script will copy and store original file contents and backups under ~/.openclaw/skills/ctrlz/backups and into undo.db (original_content stored base64). Sensitive files (credentials, keys, tokens, private configs) can be captured there — treat the backup directory and DB as sensitive data and protect or exclude paths accordingly. - Required tools: The package metadata does not declare runtime dependencies, but the scripts expect sqlite3, base64 utilities, and the examples use jq. Install and audit those tools on the host and ensure they meet your security policies. - Instrumentation required: For undo to work you (or the agent) must run start/record before every change. If the agent performs modifications without recording them, they can't be undone. Consider modifying AI behavior or wrapping modification commands to enforce recording. - Destructive undoes: Undo actions include rm -rf for directories. Only run undo when you are sure — it will delete files and directories that were created in recorded sessions. - Data retention & cleanup: Configure stack size, periodically purge backups, and consider encryption or restricted filesystem permissions for the backup and DB locations. - Trust and review: Since the scripts will be able to read arbitrary files the agent can access, only install if you trust the skill source or have reviewed the scripts (which are included). If you need tighter controls, modify the scripts to whitelist safe paths or avoid backing up sensitive directories. If you want to proceed, also consider adding explicit dependency declarations (sqlite3, jq) and limiting which paths the skill may record/backup.

Like a lobster shell, security has layers — review code before you run it.

latestvk9760sd7ywdqvbnmdekjvm9dnh85dn0qundovk9760sd7ywdqvbnmdekjvm9dnh85dn0qutilityvk9760sd7ywdqvbnmdekjvm9dnh85dn0q
21downloads
0stars
1versions
Updated 5h ago
v1.0.0
MIT-0
Chris Lo@chrisluo5311
latestundoutility
Download

CtrlZ - AI Operation Undo System

Overview

CtrlZ is a Git-like undo system that records all "create/update/delete" operations performed by AI in each conversation round, allowing users to revert with one command.

Core Concepts

  • Undo Session: All operations generated in one conversation round (user request + assistant response)
  • Stack Mechanism: Default keeps 1 session, configurable to 3/5 sessions
  • Auto Recording: Automatically backup and record before executing any modifications

Usage

User Commands

/ctrlZ              # Undo the most recent conversation round
/ctrlZ 3            # Undo the last 3 conversation rounds
/ctrlZ list         # List undoable operation records
/ctrlZ stack 5      # Set stack size to 5 undo units

Natural Language Triggers

  • "undo last step"
  • "undo"
  • "revert recent changes"
  • "ctrl+z"

AI Usage Guide (Important)

Before each file modification:

1. Start Session (at conversation beginning)

bash ~/.openclaw/skills/ctrlz/scripts/ctrlz.sh start <session_key> "<description>"

2. Record each operation (before modification)

bash ~/.openclaw/skills/ctrlz/scripts/ctrlz.sh record <session_id> <type> <path> [metadata]

Operation types:

  • file_write - Write/overwrite file
  • file_edit - Edit existing file
  • file_delete - Delete file
  • dir_create - Create directory
  • exec_install - Install package/dependency
  • exec_download - Download file

3. Execute actual operation

4. End Session (automatic at conversation end)

Complete Example

# 1. Start session
SESSION=$(bash ~/.openclaw/skills/ctrlz/scripts/ctrlz.sh start "Modify config" | jq -r '.session_id')

# 2. Record config.json modification
bash ~/.openclaw/skills/ctrlz/scripts/ctrlz.sh record $SESSION file_edit "/path/to/config.json"

# 3. Execute actual modification
edit /path/to/config.json ...

# 4. Record package installation
bash ~/.openclaw/skills/ctrlz/scripts/ctrlz.sh record $SESSION exec_install "npm:lodash"

# 5. Execute installation
exec "npm install lodash"

Execute Undo

When user says "undo":

# Undo the most recent 1 session
bash ~/.openclaw/skills/ctrlz/scripts/ctrlz.sh undo

# Undo the last 3 sessions
bash ~/.openclaw/skills/ctrlz/scripts/ctrlz.sh undo 3

Configuration

View current stack size

bash ~/.openclaw/skills/ctrlz/scripts/ctrlz.sh get-stack

Modify stack size (how many undo units to keep)

bash ~/.openclaw/skills/ctrlz/scripts/ctrlz.sh set-stack 5

View statistics

bash ~/.openclaw/skills/ctrlz/scripts/ctrlz.sh stats

List undoable operations

bash ~/.openclaw/skills/ctrlz/scripts/ctrlz.sh list

Database Structure

Location: ~/.openclaw/skills/ctrlz/undo.db

Tables:

  • undo_sessions - Each undo unit (conversation round)
  • undo_operations - Specific operation records
  • settings - Configuration (stack size, etc.)

Backup Location: ~/.openclaw/skills/ctrlz/backups/

Important Notes

  1. Package installation cannot be fully auto-undone - Will show list and manual removal commands
  2. External command effects - Cannot track side effects of shell commands
  3. Backup space - Clean up old backups periodically: ctrlz clear

Package Installation Handling

When undoing operations that include package installations:

📦 The following package installations cannot be auto-undone:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  1. npm:lodash
  2. npm:express
  3. pip:requests
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

💡 To remove, manually execute:
   npm uninstall lodash
   npm uninstall express
   pip uninstall requests

System Integration

Recommended to auto-start session at conversation begin and auto-cleanup at end. Can add logic to SOUL.md or AGENTS.md.

Testing

# Quick demo
bash ~/.openclaw/skills/ctrlz/scripts/demo.sh

# Or run full test cases
bash ~/.openclaw/skills/ctrlz/scripts/test_ctrlz.sh

Comments

Loading comments...