env-setup
Scan codebase for environment variables, generate .env.example, validate .env, and ensure .gitignore safety
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/fratua/env-setupenv-setup — Environment Variable Manager
Scan your codebase for all referenced environment variables, generate .env.example, validate your current .env, and ensure secrets aren't committed.
Steps
1. Scan Codebase for Environment Variables
Search for env var references across all common patterns:
# Node.js / JavaScript / TypeScript
grep -rn "process\.env\.\w\+" --include="*.js" --include="*.ts" --include="*.jsx" --include="*.tsx" . | grep -v node_modules | grep -v dist
# Python
grep -rn "os\.environ\|os\.getenv\|environ\.get" --include="*.py" . | grep -v __pycache__ | grep -v .venv
# Rust
grep -rn "env::var\|env::var_os\|dotenv" --include="*.rs" . | grep -v target
# Go
grep -rn "os\.Getenv\|os\.LookupEnv\|viper\." --include="*.go" . | grep -v vendor
# Docker / docker-compose
grep -rn "\${.*}" --include="*.yml" --include="*.yaml" docker-compose* 2>/dev/null
# General .env references in config files
grep -rn "env\." --include="*.toml" --include="*.yaml" --include="*.yml" . 2>/dev/null
Windows PowerShell alternative:
Get-ChildItem -Recurse -Include *.js,*.ts,*.jsx,*.tsx -Exclude node_modules,dist | Select-String "process\.env\.\w+"
Get-ChildItem -Recurse -Include *.py -Exclude __pycache__,.venv | Select-String "os\.environ|os\.getenv"
2. Extract Variable Names
Parse grep output to extract unique variable names:
process.env.DATABASE_URL→DATABASE_URLos.environ.get("SECRET_KEY", "default")→SECRET_KEY(default:default)os.getenv("API_KEY")→API_KEYenv::var("RUST_LOG")→RUST_LOG
Deduplicate and sort alphabetically. Note which file and line each var is referenced in.
3. Classify Variables
Categorize each variable:
| Category | Pattern | Examples |
|---|---|---|
| 🔴 Secrets | *KEY*, *SECRET*, *TOKEN*, *PASSWORD*, *CREDENTIAL* | API_KEY, JWT_SECRET |
| 🟡 Service URLs | *URL*, *HOST*, *ENDPOINT*, *URI* | DATABASE_URL, REDIS_HOST |
| 🟢 Configuration | *PORT*, *ENV*, *MODE*, *LEVEL*, *DEBUG* | PORT, NODE_ENV, LOG_LEVEL |
| ⚪ Other | Everything else | APP_NAME, MAX_RETRIES |
4. Generate .env.example
Create .env.example with descriptions, categories, and safe defaults:
# ============================================
# Environment Configuration
# Generated by env-setup skill
# ============================================
# --- App Configuration ---
NODE_ENV=development
PORT=3000
LOG_LEVEL=info
# --- Database ---
DATABASE_URL=postgresql://user:password@localhost:5432/dbname
# --- Authentication (🔴 SECRET — never commit real values) ---
JWT_SECRET=change-me-in-production
API_KEY=your-api-key-here
# --- External Services ---
REDIS_URL=redis://localhost:6379
Rules:
- Secrets get placeholder values (
change-me,your-xxx-here) - Config vars get sensible defaults
- Group by category with comment headers
- Add
🔴 SECRETwarning on sensitive vars
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-fratua-env-setup": {
"enabled": true,
"auto_update": true
}
}
}Tags
Related Skills
data-analysis-skill
数据分析技能包 - 自动抓取、清洗、可视化、生成报告。适合数据分析师、运营人员,告别 Excel 手工操作。
polymarket-whale-copier
Copy trade winning Polymarket wallets automatically. Track whale wallets, mirror their bets at configurable percentages, with built-in risk management. No API keys needed.
opena2a-security
Security hardening for OpenClaw. Audit your configuration, scan installed skills for malware, detect CVE-2026-25253, check credential exposure, and get actionable fix recommendations. Runs locally with no external API calls.
sharkflow
⚡ SharkFlow - 链上任务自动化,智能合约交互队列 + 多签工作流
obsidian-cli
Skill for the official Obsidian CLI (v1.12+). Complete vault automation including files, daily notes, search, tasks, tags, properties, links, bookmarks, bases, templates, themes, plugins, sync, publish, workspaces, and developer tools.