Env Doctor
PassAudited by ClawScan on May 1, 2026.
Overview
Env Doctor is a straightforward local .env checker; its main risk is that it intentionally reads files that may contain secrets, so keep scan output private.
This appears safe for its stated purpose. Before installing or using it, remember that .env files often contain real tokens; only scan files you trust and keep the output private, especially if syntax errors could cause raw line snippets to appear.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you scan a real .env file, the tool may reveal variable names and, for malformed lines, a snippet of the original line in the chat or logs.
The tool intentionally reads .env files, which often contain credentials, and may echo malformed line text into its report. This is purpose-aligned, but the output should be treated as sensitive.
parser.add_argument("envfile", help="Path to the .env file to analyze") ... issues.append(f"Line {entry['lineno']}: Invalid syntax: {entry['raw'][:80]}")Run it only on .env files you intend to inspect, verify the path before use, and avoid sharing the report if the file may contain real secrets.