Env Setup

v1.0.0

Scan codebase for environment variables, generate .env.example, validate .env, and ensure .gitignore safety

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name and description (scan for env vars, generate .env.example, validate .env, check .gitignore) match the instructions. There are no unrelated credentials, binaries, or install steps requested.
Instruction Scope
SKILL.md contains explicit grep/git commands and parsing guidance that stay within repo-scanning, classification, and file-editing tasks the skill claims. It does suggest modifying .gitignore and creating .env.example (expected for this purpose). It correctly warns about checking git history for accidental commits; these operations require repository read/write access but are coherent with the stated task.
Install Mechanism
No install spec and no code files—instruction-only. This lowers risk because nothing is written to disk by the skill itself beyond any edits the user/agent chooses to perform.
Credentials
Requires no environment variables, credentials, or config paths. The variables it intends to detect are limited to code references and .env files, which is proportionate to its purpose.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modifications to other skills. It may suggest editing repository files (e.g., .gitignore, .env.example) which is appropriate but requires user consent/permission.
Assessment
This skill is coherent with its purpose, but be cautious before applying changes: review the discovered variable list and validation report before writing or committing files. The skill's commands will read your entire repository and may suggest edits (adding .env to .gitignore, creating .env.example, or noting secrets in git history). Do not blindly run history-cleaning advice—back up the repo and follow established secret-removal procedures (rotate exposed credentials, use BFG or recommended workflows). Limit the agent's write permissions to only the repository you want scanned, and review the generated .env.example and any proposed git commits before pushing. If you need stronger secret-detection or automated history rewriting, consider dedicated vetted tools for that purpose.

