← 返回 Skills 市场
johnnywang2001

Env Doctor

作者 John Wang · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ 安全检测通过
284
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install jrv-env-doctor
功能描述
Validate .env files for common issues — detect leaked secrets (AWS keys, GitHub tokens, Stripe keys, JWTs), find duplicate variables, flag empty values, comp...
使用说明 (SKILL.md)

Env Doctor

Validate and audit .env files for secrets, duplicates, syntax issues, and missing variables.

Quick Start

python3 scripts/env_doctor.py .env
python3 scripts/env_doctor.py .env --example .env.example
python3 scripts/env_doctor.py .env --strict --json

Features

  • Secret scanning — detects AWS keys, GitHub tokens, Stripe keys, Slack tokens, Google API keys, JWTs, private key blocks, and more
  • Duplicate detection — flags variables defined more than once
  • Example comparison — compares .env against .env.example to find missing or extra vars
  • Syntax validation — catches malformed lines, unquoted values with spaces
  • Placeholder detection — warns about values like "changeme", "your-api-key-here"
  • Exit codes — 0 = healthy, 1 = issues, 2 = secret leaks (CI-friendly)
  • No dependencies — Python stdlib only

Options

Flag Description
--example PATH .env.example file for comparison
--json Output structured JSON
--strict Treat empty values as errors

Secret Patterns Detected

AWS Access/Secret Keys, GitHub Tokens (ghp_, gho_, ghs_, ghu_, github_pat_), Slack Tokens, Stripe Keys, Google API Keys, Private Key Blocks, JWTs, Twilio Tokens, SendGrid Keys, Heroku API Keys, and generic high-entropy secrets.

安全使用建议
This skill appears coherent and implements an offline .env audit. Before running or allowing an agent to run it: (1) Only point it at files you intend to analyze — it will read the full .env and may print detected secrets in plain text or JSON. (2) Do not paste the tool's output into untrusted services if secrets are found. (3) Expect false positives from broad regexes (high-entropy or key-name patterns); review findings manually. (4) If you enable autonomous agent behavior, be aware the agent could run the script and then transmit results back through chat—limit agent permissions or run the script locally if you need to keep results private.
功能分析
Type: OpenClaw Skill Name: jrv-env-doctor Version: 1.0.0 The skill is a legitimate utility for auditing .env files to detect secrets, duplicates, and syntax issues. The core logic in scripts/env_doctor.py uses standard Python libraries to perform local file analysis and does not exhibit any signs of data exfiltration, network communication, or malicious execution.
能力评估
Purpose & Capability
Name/description (env validation, secret scanning, example comparison) align with the provided script and SKILL.md. The script implements parsing, secret-pattern checks, duplicate detection, example comparison, and exit codes as described.
Instruction Scope
SKILL.md only instructs the agent to run the included Python script against a user-supplied .env (and optional .env.example). The script reads only the files you pass it and prints findings (human text or JSON). Note: printing detected secrets is expected for this tool, so care is needed about where the output is sent or stored.
Install Mechanism
No installation step or external downloads — instruction-only plus an included Python script using only the stdlib. No archives or network installs.
Credentials
The skill declares no required environment variables or credentials and the code does not access env vars or external credentials. It does read arbitrary .env files supplied by the user (which is necessary for the stated purpose).
Persistence & Privilege
always:false and no code that modifies system or other skill configurations. The skill does not request persistent presence or elevated privileges.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install jrv-env-doctor
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /jrv-env-doctor 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: secret scanning (AWS, GitHub, Stripe, Slack, etc), duplicate detection, .env.example comparison, syntax validation
元数据
Slug jrv-env-doctor
版本 1.0.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Env Doctor 是什么?

Validate .env files for common issues — detect leaked secrets (AWS keys, GitHub tokens, Stripe keys, JWTs), find duplicate variables, flag empty values, comp... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 284 次。

如何安装 Env Doctor?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install jrv-env-doctor」即可一键安装,无需额外配置。

Env Doctor 是免费的吗?

是的,Env Doctor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Env Doctor 支持哪些平台?

Env Doctor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Env Doctor?

由 John Wang(@johnnywang2001)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 留言讨论