CtrlZ

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If an operation is recorded incorrectly or too broadly, an undo command could delete important directories or overwrite files outside the intended project.

Why it was flagged

Undo actions restore, delete, or recursively remove whatever target path was recorded, with no visible workspace restriction or confirmation gate in the provided implementation.

Skill content

file_write|file_edit) ... rm -f "$target_path" ... dir_create) ... rm -rf "$target_path"

Recommendation

Add an undo preview, require explicit confirmation for deletes and recursive directory removal, and restrict target paths to approved workspaces with protected-path denylisting.

What this means

Sensitive contents from files the agent edits may remain in CtrlZ's local database or backup folder after the original file changes.

Why it was flagged

The skill copies full file contents into a persistent undo database and backup directory, which may include secrets or private project files.

Skill content

original_content=$(cat "$target_path" | base64 -w 0) ... cp "$file_path" "$backup_path"

Recommendation

Document retention clearly, remove expired backup files automatically, add exclusions for sensitive paths, and provide an easy way to inspect and securely clear stored backups.

Note: High Confidence

ASI10: Rogue Agents

What this means

If enabled globally, the agent may run CtrlZ recording behavior across future sessions, not just a single task.

Why it was flagged

The skill suggests persistent integration into agent instruction/config files so recording can happen automatically in future conversations.

Skill content

Recommended to auto-start session at conversation begin and auto-cleanup at end. Can add logic to SOUL.md or AGENTS.md.

Recommendation

Only add persistent SOUL.md or AGENTS.md integration with explicit user approval, and make it easy to disable.

What this means

Users have less provenance and dependency information for a skill that can mutate local files.

Why it was flagged

The registry metadata does not provide a clear source/homepage or install/dependency contract even though executable shell scripts are included.

Skill content

Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill.

Recommendation

Verify the skill source before installation and declare required local tools and install steps in metadata.