Env Doctor
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
What this means
If you scan a real .env file, the tool may reveal variable names and, for malformed lines, a snippet of the original line in the chat or logs.
Why it was flagged
The tool intentionally reads .env files, which often contain credentials, and may echo malformed line text into its report. This is purpose-aligned, but the output should be treated as sensitive.
Skill content
parser.add_argument("envfile", help="Path to the .env file to analyze") ... issues.append(f"Line {entry['lineno']}: Invalid syntax: {entry['raw'][:80]}")Recommendation
Run it only on .env files you intend to inspect, verify the path before use, and avoid sharing the report if the file may contain real secrets.