Env Alias Audit
v1.0.0Audit .env alias groups for missing required config, conflicting values, and canonical-key drift before deploy.
⭐ 0· 238·0 current·0 all-time
byDaniel Lummis@daniellummis
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the implementation: the script parses .env-style files, evaluates canonical/alias groups, checks required groups, and reports conflicts. Required binaries (bash, python3) are exactly what's needed to run the provided wrapper script and embedded Python logic.
Instruction Scope
SKILL.md instructs running the included script against a specified ENV_FILE and optional ALIAS_SPEC_FILE. The script only reads the given files, validates alias groups, and prints status; it does not call external network endpoints, spawn unexpected commands, or read unrelated system files.
Install Mechanism
There is no install spec and no external downloads. This is an instruction-only skill with a bundled script, so nothing is fetched from third-party URLs or installed system-wide.
Credentials
The skill requests no credentials or special env vars beyond optional inputs (ENV_FILE, ALIAS_SPEC_FILE, REQUIRED_GROUPS, AUDIT_MODE). However, it will read the target env file (which may contain secrets) and prints short previews of values (truncating longer values). If you run this against production .env files, those value snippets may appear in logs or console output—consider running in a safe environment or modifying the script to redact outputs more aggressively.
Persistence & Privilege
The skill does not request permanent presence (always:false), does not modify other skills, and does not write persistent system configuration. It only reads specified files and exits with appropriate status codes.
Assessment
This skill appears to do exactly what it says: audit .env alias groups for missing or conflicting values. Before installing/running it, ensure you: 1) run it in a controlled environment (so snippets of secret values printed by the script won't leak to shared logs), 2) review any ALIAS_SPEC_FILE you point it at to confirm it's local and trusted, and 3) if you want stricter secrecy, modify the script's printing (short()) to fully redact values in logs. No network access or unrelated credentials are requested by the skill.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Binsbash, python3
latest
Daniel Lummis@daniellummis
DownloadEnv Alias Audit
Use this skill to catch environment-variable alias drift before runtime failures.
What this skill does
- Parses env vars from
.env-style files - Evaluates canonical key + alias groups (built-in defaults or custom spec)
- Flags missing required groups
- Detects conflicting values across aliases in the same group
- Reports alias-only usage where canonical keys are absent
Inputs
Optional:
ENV_FILE(default:.env)ALIAS_SPEC_FILE(default: built-in alias groups)REQUIRED_GROUPS(comma-separated canonical keys that must resolve)AUDIT_MODE(reportorstrict, default:strict)
Run
Use built-in alias groups:
ENV_FILE=.env \
REQUIRED_GROUPS=DATABASE_URL,STRIPE_API_KEY \
bash skills/env-alias-audit/scripts/audit-env-aliases.sh
Use custom alias spec:
ENV_FILE=.env.production \
ALIAS_SPEC_FILE=skills/env-alias-audit/fixtures/alias-spec.sample \
AUDIT_MODE=report \
bash skills/env-alias-audit/scripts/audit-env-aliases.sh
Run against fixtures:
ENV_FILE=skills/env-alias-audit/fixtures/.env.conflict \
REQUIRED_GROUPS=DATABASE_URL,STRIPE_API_KEY \
bash skills/env-alias-audit/scripts/audit-env-aliases.sh
Alias spec format
ALIAS_SPEC_FILE accepts one group per line:
CANONICAL_KEY=ALIAS_ONE,ALIAS_TWO
- Comments and blank lines are ignored
- Canonical key is always part of the checked group
Output contract
- Exit
0when no strict failures are found - Exit
1on invalid input, missing required groups (strict), or conflicting alias values - Prints per-group status (
OK,WARN,FAIL) plus a summary
Comments
Loading comments...