← Back to Skills Marketplace
747
Downloads
0
Stars
3
Active Installs
1
Versions
Install in OpenClaw
/install env-setup
Description
Scan codebase for environment variables, generate .env.example, validate .env, and ensure .gitignore safety
README (SKILL.md)
env-setup — Environment Variable Manager
Scan your codebase for all referenced environment variables, generate .env.example, validate your current .env, and ensure secrets aren't committed.
Steps
1. Scan Codebase for Environment Variables
Search for env var references across all common patterns:
# Node.js / JavaScript / TypeScript
grep -rn "process\.env\.\w\+" --include="*.js" --include="*.ts" --include="*.jsx" --include="*.tsx" . | grep -v node_modules | grep -v dist
# Python
grep -rn "os\.environ\|os\.getenv\|environ\.get" --include="*.py" . | grep -v __pycache__ | grep -v .venv
# Rust
grep -rn "env::var\|env::var_os\|dotenv" --include="*.rs" . | grep -v target
# Go
grep -rn "os\.Getenv\|os\.LookupEnv\|viper\." --include="*.go" . | grep -v vendor
# Docker / docker-compose
grep -rn "\${.*}" --include="*.yml" --include="*.yaml" docker-compose* 2>/dev/null
# General .env references in config files
grep -rn "env\." --include="*.toml" --include="*.yaml" --include="*.yml" . 2>/dev/null
Windows PowerShell alternative:
Get-ChildItem -Recurse -Include *.js,*.ts,*.jsx,*.tsx -Exclude node_modules,dist | Select-String "process\.env\.\w+"
Get-ChildItem -Recurse -Include *.py -Exclude __pycache__,.venv | Select-String "os\.environ|os\.getenv"
2. Extract Variable Names
Parse grep output to extract unique variable names:
process.env.DATABASE_URL→DATABASE_URLos.environ.get("SECRET_KEY", "default")→SECRET_KEY(default:default)os.getenv("API_KEY")→API_KEYenv::var("RUST_LOG")→RUST_LOG
Deduplicate and sort alphabetically. Note which file and line each var is referenced in.
3. Classify Variables
Categorize each variable:
| Category | Pattern | Examples |
|---|---|---|
| 🔴 Secrets | *KEY*, *SECRET*, *TOKEN*, *PASSWORD*, *CREDENTIAL* |
API_KEY, JWT_SECRET |
| 🟡 Service URLs | *URL*, *HOST*, *ENDPOINT*, *URI* |
DATABASE_URL, REDIS_HOST |
| 🟢 Configuration | *PORT*, *ENV*, *MODE*, *LEVEL*, *DEBUG* |
PORT, NODE_ENV, LOG_LEVEL |
| ⚪ Other | Everything else | APP_NAME, MAX_RETRIES |
4. Generate .env.example
Create .env.example with descriptions, categories, and safe defaults:
# ============================================
# Environment Configuration
# Generated by env-setup skill
# ============================================
# --- App Configuration ---
NODE_ENV=development
PORT=3000
LOG_LEVEL=info
# --- Database ---
DATABASE_URL=postgresql://user:password@localhost:5432/dbname
# --- Authentication (🔴 SECRET — never commit real values) ---
JWT_SECRET=change-me-in-production
API_KEY=your-api-key-here
# --- External Services ---
REDIS_URL=redis://localhost:6379
Rules:
- Secrets get placeholder values (
change-me,your-xxx-here) - Config vars get sensible defaults
- Group by category with comment headers
- Add
🔴 SECRETwarning on sensitive vars
5. Validate Current .env
If .env exists, compare against discovered variables:
## .env Validation Report
### ❌ Missing (required by code but not in .env)
- `STRIPE_SECRET_KEY` — referenced in src/billing.ts:14
- `SMTP_PASSWORD` — referenced in src/email.ts:8
### ⚠️ Unused (in .env but not referenced in code)
- `OLD_API_ENDPOINT` — may be safe to remove
### ✅ Present and referenced
- `DATABASE_URL` ✓
- `PORT` ✓
- `NODE_ENV` ✓
6. Ensure .gitignore Safety
Check that .env is in .gitignore:
grep -q "^\.env$\|^\.env\.\*" .gitignore 2>/dev/null
If not found, offer to add:
# Environment files
.env
.env.local
.env.*.local
Also check git history for accidentally committed .env files:
git log --all --diff-filter=A -- .env .env.local .env.production 2>/dev/null
If found, warn the user that secrets may be in git history and suggest git filter-branch or BFG Repo-Cleaner.
7. Output Summary
# Environment Variable Report
| Metric | Count |
|--------|-------|
| Total vars found | 15 |
| 🔴 Secrets | 4 |
| ❌ Missing from .env | 2 |
| ⚠️ Unused in .env | 1 |
| ✅ Properly configured | 12 |
| .gitignore protection | ✅ |
Edge Cases
- Framework-specific env: Next.js uses
NEXT_PUBLIC_*(client-exposed); flag these distinctly - Docker env: Check
docker-compose.ymlenvironment:section too - Multiple .env files:
.env.development,.env.production,.env.test— validate all - No .env exists: Generate both
.env.exampleand a starter.env - Interpolated vars:
${VAR:-default}in shell scripts — extractVAR
Error Handling
| Error | Resolution |
|---|---|
| No env vars found | Project may not use env vars — confirm with user |
| .env has syntax errors | Flag lines that don't match KEY=value pattern |
| Binary files in scan | Exclude with --binary-files=without-match |
| Permission denied on .env | Check file permissions; may need elevated access |
Built by Clawb (SOVEREIGN) — more skills at [coming soon]
Usage Guidance
This skill is coherent with its purpose, but be cautious before applying changes: review the discovered variable list and validation report before writing or committing files. The skill's commands will read your entire repository and may suggest edits (adding .env to .gitignore, creating .env.example, or noting secrets in git history). Do not blindly run history-cleaning advice—back up the repo and follow established secret-removal procedures (rotate exposed credentials, use BFG or recommended workflows). Limit the agent's write permissions to only the repository you want scanned, and review the generated .env.example and any proposed git commits before pushing. If you need stronger secret-detection or automated history rewriting, consider dedicated vetted tools for that purpose.
Capability Analysis
Type: OpenClaw Skill
Name: env-setup
Version: 1.0.0
The 'env-setup' skill is designed to scan code for environment variables, generate `.env.example` files, validate existing `.env` configurations, and ensure `.gitignore` safety. All commands and instructions in `SKILL.md` (e.g., `grep`, `git log`) are directly related to these stated purposes. While the skill interacts with the file system (reading code, `.env` files, git history, and potentially writing `.env.example` and modifying `.gitignore`), these actions are necessary for its functionality and are not used for exfiltration, unauthorized execution, or persistence. There is no evidence of malicious prompt injection, data exfiltration, or other harmful intent.
Capability Assessment
Purpose & Capability
Name and description (scan for env vars, generate .env.example, validate .env, check .gitignore) match the instructions. There are no unrelated credentials, binaries, or install steps requested.
Instruction Scope
SKILL.md contains explicit grep/git commands and parsing guidance that stay within repo-scanning, classification, and file-editing tasks the skill claims. It does suggest modifying .gitignore and creating .env.example (expected for this purpose). It correctly warns about checking git history for accidental commits; these operations require repository read/write access but are coherent with the stated task.
Install Mechanism
No install spec and no code files—instruction-only. This lowers risk because nothing is written to disk by the skill itself beyond any edits the user/agent chooses to perform.
Credentials
Requires no environment variables, credentials, or config paths. The variables it intends to detect are limited to code references and .env files, which is proportionate to its purpose.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modifications to other skills. It may suggest editing repository files (e.g., .gitignore, .env.example) which is appropriate but requires user consent/permission.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install env-setup - After installation, invoke the skill by name or use
/env-setup - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — scan, document, and safeguard environment variables in your codebase.
- Scans codebase for referenced environment variables in major languages and config files.
- Automatically generates a categorized `.env.example` with comments, safe defaults, and secret warnings.
- Validates your existing `.env` for missing, unused, or misconfigured variables.
- Ensures `.env` files are safely listed in `.gitignore` and checks history for accidental commits.
- Summarizes findings in a clear report with actionable steps.
Metadata
Frequently Asked Questions
What is Env Setup?
Scan codebase for environment variables, generate .env.example, validate .env, and ensure .gitignore safety. It is an AI Agent Skill for Claude Code / OpenClaw, with 747 downloads so far.
How do I install Env Setup?
Run "/install env-setup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Env Setup free?
Yes, Env Setup is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Env Setup support?
Env Setup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Env Setup?
It is built and maintained by Fratua (@fratua); the current version is v1.0.0.
More Skills