← Back to Skills Marketplace
284
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install jrv-env-doctor
Description
Validate .env files for common issues — detect leaked secrets (AWS keys, GitHub tokens, Stripe keys, JWTs), find duplicate variables, flag empty values, comp...
README (SKILL.md)
Env Doctor
Validate and audit .env files for secrets, duplicates, syntax issues, and missing variables.
Quick Start
python3 scripts/env_doctor.py .env
python3 scripts/env_doctor.py .env --example .env.example
python3 scripts/env_doctor.py .env --strict --json
Features
- Secret scanning — detects AWS keys, GitHub tokens, Stripe keys, Slack tokens, Google API keys, JWTs, private key blocks, and more
- Duplicate detection — flags variables defined more than once
- Example comparison — compares .env against .env.example to find missing or extra vars
- Syntax validation — catches malformed lines, unquoted values with spaces
- Placeholder detection — warns about values like "changeme", "your-api-key-here"
- Exit codes — 0 = healthy, 1 = issues, 2 = secret leaks (CI-friendly)
- No dependencies — Python stdlib only
Options
| Flag | Description |
|---|---|
--example PATH |
.env.example file for comparison |
--json |
Output structured JSON |
--strict |
Treat empty values as errors |
Secret Patterns Detected
AWS Access/Secret Keys, GitHub Tokens (ghp_, gho_, ghs_, ghu_, github_pat_), Slack Tokens, Stripe Keys, Google API Keys, Private Key Blocks, JWTs, Twilio Tokens, SendGrid Keys, Heroku API Keys, and generic high-entropy secrets.
Usage Guidance
This skill appears coherent and implements an offline .env audit. Before running or allowing an agent to run it: (1) Only point it at files you intend to analyze — it will read the full .env and may print detected secrets in plain text or JSON. (2) Do not paste the tool's output into untrusted services if secrets are found. (3) Expect false positives from broad regexes (high-entropy or key-name patterns); review findings manually. (4) If you enable autonomous agent behavior, be aware the agent could run the script and then transmit results back through chat—limit agent permissions or run the script locally if you need to keep results private.
Capability Analysis
Type: OpenClaw Skill
Name: jrv-env-doctor
Version: 1.0.0
The skill is a legitimate utility for auditing .env files to detect secrets, duplicates, and syntax issues. The core logic in scripts/env_doctor.py uses standard Python libraries to perform local file analysis and does not exhibit any signs of data exfiltration, network communication, or malicious execution.
Capability Assessment
Purpose & Capability
Name/description (env validation, secret scanning, example comparison) align with the provided script and SKILL.md. The script implements parsing, secret-pattern checks, duplicate detection, example comparison, and exit codes as described.
Instruction Scope
SKILL.md only instructs the agent to run the included Python script against a user-supplied .env (and optional .env.example). The script reads only the files you pass it and prints findings (human text or JSON). Note: printing detected secrets is expected for this tool, so care is needed about where the output is sent or stored.
Install Mechanism
No installation step or external downloads — instruction-only plus an included Python script using only the stdlib. No archives or network installs.
Credentials
The skill declares no required environment variables or credentials and the code does not access env vars or external credentials. It does read arbitrary .env files supplied by the user (which is necessary for the stated purpose).
Persistence & Privilege
always:false and no code that modifies system or other skill configurations. The skill does not request persistent presence or elevated privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install jrv-env-doctor - After installation, invoke the skill by name or use
/jrv-env-doctor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: secret scanning (AWS, GitHub, Stripe, Slack, etc), duplicate detection, .env.example comparison, syntax validation
Metadata
Frequently Asked Questions
What is Env Doctor?
Validate .env files for common issues — detect leaked secrets (AWS keys, GitHub tokens, Stripe keys, JWTs), find duplicate variables, flag empty values, comp... It is an AI Agent Skill for Claude Code / OpenClaw, with 284 downloads so far.
How do I install Env Doctor?
Run "/install jrv-env-doctor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Env Doctor free?
Yes, Env Doctor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Env Doctor support?
Env Doctor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Env Doctor?
It is built and maintained by John Wang (@johnnywang2001); the current version is v1.0.0.
More Skills