ClawHub

Envcheck

v1.0.0

Check if your environment is ready to run a skill — verify that required environment variables are set and required CLI binaries are on PATH. Returns a ready...

0· 58·0 current·0 all-time
by@mirni
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description ask to verify env vars and CLI binaries; the skill requires only Python and installs FastAPI/uvicorn/pydantic to run a small local server — these requirements are proportional to the stated purpose.
Instruction Scope
SKILL.md instructs running a local uvicorn server and POSTing required_env/required_bins lists. The server code only checks os.environ for presence (not values) and shutil.which for binaries and returns lists of present/missing names — scope is limited to the stated functionality. Note: the example reads the local SKILL.md to show usage with ScopeCheck, which is an expected convenience and not secret collection.
Install Mechanism
Install metadata lists typical Python packages (fastapi, uvicorn, pydantic) via a pip-like step (uv/pip). There are no downloads from untrusted URLs or archive extraction; this is standard for a Python service.
Credentials
The skill declares no required environment variables or credentials. At runtime it accepts a list of env var names to check and reports which names are present; it does not return env var values or request unrelated secrets, so requested access is proportional to its purpose.
Persistence & Privilege
always is false and the skill does not modify other skills or system config. It runs as a transient local server when started; it does not request persistent privileges.
Assessment
This skill appears to be what it says: a local environment checker. Before installing, confirm you trust the Python packages (fastapi/uvicorn/pydantic) and install them into a virtualenv. Run the server only on localhost (the example uses the default uvicorn host) and avoid binding it publicly; the service reveals which environment variable names exist on the host (it does not return their values), so don't run it on a machine where exposing the presence/absence of secret-named variables to other network users would be a concern. If you plan to pair it with other tools (like ScopeCheck), review those tools' outputs as well so you don't inadvertently check for or expose sensitive names.

Like a lobster shell, security has layers — review code before you run it.

latestvk971nkqhmj7zx4txypndap821984rnzj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔧 Clawdis
Binspython

Install

uv

Comments