ClawHub

Env File Toolkit

v1.0.0

Manage .env files with validate, diff, template generation, merge, and missing-key checks. Use when working with environment variable files, comparing .env.l...

0· 87·0 current·0 all-time
byJohn Wang@johnnywang2001
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included CLI script (scripts/env_toolkit.py). The declared capabilities (validate, diff, template, merge, list-keys, check-missing) are implemented in the code and the SKILL.md commands map directly to the script. Nothing in the manifest asks for unrelated credentials or tools.
Instruction Scope
SKILL.md instructs the agent to run the included Python script against local .env files. The script only reads and writes files specified by the user and prints results; it does not access other system paths, environment variables, or external endpoints. The instructions are narrowly scoped to .env file management.
Install Mechanism
There is no install spec (instruction-only with an included script). The script uses only Python stdlib; nothing is downloaded or extracted. This presents low install risk.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The code does not attempt to read process env vars or external credentials. The requested permissions are proportional to the task of reading/writing .env files.
Persistence & Privilege
always is false and the skill does not request persistent or elevated platform privileges. It does not modify other skills or global agent settings; it only reads/writes files the user supplies.
Assessment
This skill appears to do only local .env file management and is internally consistent. Before running it: (1) Inspect the included script (it's small and uses only the Python stdlib). (2) Be mindful that commands like template --keep-values, merge (without -o), and list-keys --with-values can expose secrets to stdout or to the output file — avoid running them on sensitive production files unless you intend to. (3) Run the tool in a safe directory or with explicit input/output paths you control. No network access or credentials are requested by the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk970yrp0pfavp6559j1p7z20n983he8j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments