ClawHub

env-config-validator

v1.0.0

Validate .env files against schemas, compare environments (dev vs prod), detect common mistakes (trailing spaces, placeholders, invalid ports, missing protoc...

0· 60·0 current·0 all-time
by@charlie-morrison
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with the provided files and code. The Python script implements parsing, common-mistake checks, schema generation, schema validation, and diffing as advertised. No unrelated services or credentials are requested.
Instruction Scope
SKILL.md instructs the agent to run the included Python script against .env files and to use flags for schema/diff/output. The runtime instructions reference only the files the tool is meant to inspect. There are no instructions to read arbitrary system files, call external endpoints, or exfiltrate data.
Install Mechanism
There is no install spec (instruction-only from the registry's perspective) and the code is pure Python stdlib, which is low risk. Minor inconsistency: the SKILL.md examples use 'python3' but the registry metadata lists no required binaries. The skill therefore implicitly requires a Python 3 runtime to be present; otherwise no additional installation is performed.
Credentials
The skill declares no required environment variables or credentials and the code reads only the .env files provided as input. It does not access system environment variables, cloud credentials, or external config paths.
Persistence & Privilege
always is false and the skill has no install hooks or claims to modify other skills or global agent settings. It writes output files only when explicitly asked (e.g., schema generation -o) and otherwise runs locally.
Assessment
This package appears coherent and implements a local .env validator in a single Python script. Before installing or running: (1) ensure you have Python 3 on the machine (SKILL.md assumes 'python3' but the registry metadata didn't list it), (2) review the script if you will run it on sensitive repositories (it reads and can write schema files), (3) test on non-production .env files first, and (4) if you use the diff or schema generation in CI, confirm the tool's secret-masking behavior meets your privacy requirements (Status.md says it masks secrets, review the diff output). No network or secret-exfiltration mechanisms were found in the provided files.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e3tzgc1wh88r819djvewskn84npdc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments