✓ Verified 💻 Development ✓ Enhanced Data

Env Setup

Scan codebase for environment variables, generate .env.example, validate .env, and ensure .gitignore

Rating
4.1 (438 reviews)
Downloads
9,290 downloads
Version
1.0.0

Overview

Scan codebase for environment variables, generate .env.example, validate .env, and ensure .gitignore safety.

Complete Documentation

View Source →

env-setup — Environment Variable Manager

Scan your codebase for all referenced environment variables, generate .env.example, validate your current .env, and ensure secrets aren't committed.

Steps

1. Scan Codebase for Environment Variables

Search for env var references across all common patterns:

bash
# Node.js / JavaScript / TypeScript
grep -rn "process\.env\.\w\+" --include="*.js" --include="*.ts" --include="*.jsx" --include="*.tsx" . | grep -v node_modules | grep -v dist

# Python
grep -rn "os\.environ\|os\.getenv\|environ\.get" --include="*.py" . | grep -v __pycache__ | grep -v .venv

# Rust
grep -rn "env::var\|env::var_os\|dotenv" --include="*.rs" . | grep -v target

# Go
grep -rn "os\.Getenv\|os\.LookupEnv\|viper\." --include="*.go" . | grep -v vendor

# Docker / docker-compose
grep -rn "\${.*}" --include="*.yml" --include="*.yaml" docker-compose* 2>/dev/null

# General .env references in config files
grep -rn "env\." --include="*.toml" --include="*.yaml" --include="*.yml" . 2>/dev/null

Windows PowerShell alternative:

powershell
Get-ChildItem -Recurse -Include *.js,*.ts,*.jsx,*.tsx -Exclude node_modules,dist | Select-String "process\.env\.\w+"
Get-ChildItem -Recurse -Include *.py -Exclude __pycache__,.venv | Select-String "os\.environ|os\.getenv"

2. Extract Variable Names

Parse grep output to extract unique variable names:

  • process.env.DATABASE_URLDATABASE_URL
  • os.environ.get("SECRET_KEY", "default")SECRET_KEY (default: default)
  • os.getenv("API_KEY")API_KEY
  • env::var("RUST_LOG")RUST_LOG
Deduplicate and sort alphabetically. Note which file and line each var is referenced in.

3. Classify Variables

Categorize each variable:

CategoryPatternExamples
🔴 SecretsKEY, SECRET, TOKEN, PASSWORD, CREDENTIALAPI_KEY, JWT_SECRET
🟡 Service URLsURL, HOST, ENDPOINT, URIDATABASE_URL, REDIS_HOST
🟢 ConfigurationPORT, ENV, MODE, LEVEL, DEBUGPORT, NODE_ENV, LOG_LEVEL
⚪ OtherEverything elseAPP_NAME, MAX_RETRIES

4. Generate .env.example

Create .env.example with descriptions, categories, and safe defaults:

env
# ============================================
# Environment Configuration
# Generated by env-setup skill
# ============================================

# --- App Configuration ---
NODE_ENV=development
PORT=3000
LOG_LEVEL=info

# --- Database ---
DATABASE_URL=postgresql://user:password@localhost:5432/dbname

# --- Authentication (🔴 SECRET — never commit real values) ---
JWT_SECRET=change-me-in-production
API_KEY=your-api-key-here

# --- External Services ---
REDIS_URL=redis://localhost:6379

Rules:

  • Secrets get placeholder values (change-me, your-xxx-here)
  • Config vars get sensible defaults
  • Group by category with comment headers
  • Add 🔴 SECRET warning on sensitive vars

5. Validate Current .env

If .env exists, compare against discovered variables:

markdown
## .env Validation Report

### ❌ Missing (required by code but not in .env)
- `STRIPE_SECRET_KEY` — referenced in src/billing.ts:14
- `SMTP_PASSWORD` — referenced in src/email.ts:8

### ⚠️ Unused (in .env but not referenced in code)
- `OLD_API_ENDPOINT` — may be safe to remove

### ✅ Present and referenced
- `DATABASE_URL` ✓
- `PORT` ✓
- `NODE_ENV` ✓

6. Ensure .gitignore Safety

Check that .env is in .gitignore:

bash
grep -q "^\.env$\|^\.env\.\*" .gitignore 2>/dev/null

If not found, offer to add:

text
# Environment files
.env
.env.local
.env.*.local

Also check git history for accidentally committed .env files:

bash
git log --all --diff-filter=A -- .env .env.local .env.production 2>/dev/null

If found, warn the user that secrets may be in git history and suggest git filter-branch or BFG Repo-Cleaner.

7. Output Summary

markdown
# Environment Variable Report
| Metric | Count |
|--------|-------|
| Total vars found | 15 |
| 🔴 Secrets | 4 |
| ❌ Missing from .env | 2 |
| ⚠️ Unused in .env | 1 |
| ✅ Properly configured | 12 |
| .gitignore protection | ✅ |

Edge Cases

  • Framework-specific env: Next.js uses NEXT_PUBLIC_* (client-exposed); flag these distinctly
  • Docker env: Check docker-compose.yml environment: section too
  • Multiple .env files: .env.development, .env.production, .env.test — validate all
  • No .env exists: Generate both .env.example and a starter .env
  • Interpolated vars: ${VAR:-default} in shell scripts — extract VAR

Error Handling

ErrorResolution
No env vars foundProject may not use env vars — confirm with user
.env has syntax errorsFlag lines that don't match KEY=value pattern
Binary files in scanExclude with --binary-files=without-match
Permission denied on .envCheck file permissions; may need elevated access
Built by Clawb (SOVEREIGN) — more skills at [coming soon]

Installation

Terminal bash 

openclaw install env-setup
Copied!

💻Code Examples

Get-ChildItem -Recurse -Include *.py -Exclude __pycache__,.venv | Select-String "os\.environ|os\.getenv"

get-childitem--recurse--include-py--exclude-pycachevenv--select-string-osenvironosgetenv.txt
### 2. Extract Variable Names

Parse grep output to extract unique variable names:

- `process.env.DATABASE_URL` → `DATABASE_URL`
- `os.environ.get("SECRET_KEY", "default")` → `SECRET_KEY` (default: `default`)
- `os.getenv("API_KEY")` → `API_KEY`
- `env::var("RUST_LOG")` → `RUST_LOG`

Deduplicate and sort alphabetically. Note which file and line each var is referenced in.

### 3. Classify Variables

Categorize each variable:

| Category | Pattern | Examples |
|----------|---------|---------|
| 🔴 Secrets | `*KEY*`, `*SECRET*`, `*TOKEN*`, `*PASSWORD*`, `*CREDENTIAL*` | `API_KEY`, `JWT_SECRET` |
| 🟡 Service URLs | `*URL*`, `*HOST*`, `*ENDPOINT*`, `*URI*` | `DATABASE_URL`, `REDIS_HOST` |
| 🟢 Configuration | `*PORT*`, `*ENV*`, `*MODE*`, `*LEVEL*`, `*DEBUG*` | `PORT`, `NODE_ENV`, `LOG_LEVEL` |
| ⚪ Other | Everything else | `APP_NAME`, `MAX_RETRIES` |

### 4. Generate .env.example

Create `.env.example` with descriptions, categories, and safe defaults:

REDIS_URL=redis://localhost:6379

redisurlredislocalhost6379.txt
Rules:
- Secrets get placeholder values (`change-me`, `your-xxx-here`)
- Config vars get sensible defaults
- Group by category with comment headers
- Add `🔴 SECRET` warning on sensitive vars

### 5. Validate Current .env

If `.env` exists, compare against discovered variables:

- `NODE_ENV` ✓

--nodeenv-.txt
### 6. Ensure .gitignore Safety

Check that `.env` is in `.gitignore`:

git log --all --diff-filter=A -- .env .env.local .env.production 2>/dev/null

git-log---all---diff-filtera----env-envlocal-envproduction-2devnull.txt
If found, warn the user that secrets may be in git history and suggest `git filter-branch` or `BFG Repo-Cleaner`.

### 7. Output Summary
example.sh
# Node.js / JavaScript / TypeScript
grep -rn "process\.env\.\w\+" --include="*.js" --include="*.ts" --include="*.jsx" --include="*.tsx" . | grep -v node_modules | grep -v dist

# Python
grep -rn "os\.environ\|os\.getenv\|environ\.get" --include="*.py" . | grep -v __pycache__ | grep -v .venv

# Rust
grep -rn "env::var\|env::var_os\|dotenv" --include="*.rs" . | grep -v target

# Go
grep -rn "os\.Getenv\|os\.LookupEnv\|viper\." --include="*.go" . | grep -v vendor

# Docker / docker-compose
grep -rn "\${.*}" --include="*.yml" --include="*.yaml" docker-compose* 2>/dev/null

# General .env references in config files
grep -rn "env\." --include="*.toml" --include="*.yaml" --include="*.yml" . 2>/dev/null
example.txt
# ============================================
# Environment Configuration
# Generated by env-setup skill
# ============================================

# --- App Configuration ---
NODE_ENV=development
PORT=3000
LOG_LEVEL=info

# --- Database ---
DATABASE_URL=postgresql://user:password@localhost:5432/dbname

# --- Authentication (🔴 SECRET — never commit real values) ---
JWT_SECRET=change-me-in-production
API_KEY=your-api-key-here

# --- External Services ---
REDIS_URL=redis://localhost:6379
example.md
## .env Validation Report

### ❌ Missing (required by code but not in .env)
- `STRIPE_SECRET_KEY` — referenced in src/billing.ts:14
- `SMTP_PASSWORD` — referenced in src/email.ts:8

### ⚠️ Unused (in .env but not referenced in code)
- `OLD_API_ENDPOINT` — may be safe to remove

### ✅ Present and referenced
- `DATABASE_URL` ✓
- `PORT` ✓
- `NODE_ENV` ✓
example.txt
# Environment files
.env
.env.local
.env.*.local
example.md
# Environment Variable Report
| Metric | Count |
|--------|-------|
| Total vars found | 15 |
| 🔴 Secrets | 4 |
| ❌ Missing from .env | 2 |
| ⚠️ Unused in .env | 1 |
| ✅ Properly configured | 12 |
| .gitignore protection | ✅ |

Tags

#coding_agents-and-ides #code #git

Quick Info

Category Development
Model Claude 3.5
Complexity One-Click
Author fratua
Last Updated 3/10/2026
🚀
Optimized for
Claude 3.5
🧠

Ready to Install?

Get started with this skill in seconds

openclaw install env-setup

Resources

📂
OpenClaw Skills
View on OpenClaw GitHub

Related Skills

✓ Verified 💻 Development

4claw

4claw — a moderated imageboard for AI agents.

🧠 Claude-Ready #ai_and-llms
)}
4.4 (118)
4,990
v1.0.0
✓ Verified 💻 Development

Aap Passport

Agent Attestation Protocol - The Reverse Turing Test.

🧠 Claude-Ready #ai_and-llms
)}
4.3 (89)
4,621
v1.0.0
✓ Verified 💻 Development

Acestep Lyrics Transcription

Transcribe audio to timestamped lyrics using OpenAI Whisper or ElevenLabs Scribe API.

GPT-Optimized #ai_and-llms #api #script
)}
3.8 (274)
17,648
v1.0.0
✓ Verified 💻 Development

Adaptive Suite

A continuously adaptive skill suite that empowers Clawdbot.

🧠 Claude-Ready #ai_and-llms #bot
)}
4.7 (88)
1,625
v1.0.0