configuration-validator
Validates environment variables and configuration files to ensure proper settings and prevent runtime errors.
Install this skill
Security score
The configuration-validator skill was audited on Feb 28, 2026 and we found 35 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 74 | throw new Error(`Missing required env vars: ${missing.join(', ')}`); |
Template literal with variable interpolation in command context
| 155 | throw new Error(`Config validation error: ${error.message}`); |
Template literal with variable interpolation in command context
| 193 | path: `.env.${process.env.NODE_ENV || 'development'}` |
Template literal with variable interpolation in command context
| 239 | console.error(`❌ Missing: ${missing.join(', ')}`); |
Access to .env file
| 3 | description: Validates environment variables, config files, and ensures all required settings are documented. Use when working with .env files, configs, or deployment settings. |
Access to .env file
| 14 | - User mentions ".env", "config", "environment variables", or "settings" |
Access to .env file
| 21 | - `.env`, `.env.example`, `.env.local` |
Access to .env file
| 24 | - `appsettings.json`, `.env.production` |
Access to .env file
| 28 | **Compare .env.example vs .env:** |
Access to .env file
| 30 | # Variables in example but not in .env |
Access to .env file
| 31 | comm -23 <(grep -o '^[A-Z_]*' .env.example | sort) <(grep -o '^[A-Z_]*' .env | sort) |
Access to .env file
| 71 | const missing = requiredEnvVars.filter(v => !process.env[v]); |
Access to .env file
| 99 | port: parseInt(process.env.PORT || '3000', 10), |
Access to .env file
| 100 | debug: process.env.DEBUG === 'true', |
Access to .env file
| 101 | apiUrl: new URL(process.env.API_URL), // Throws if invalid |
Access to .env file
| 102 | maxConnections: Number(process.env.MAX_CONNECTIONS), |
Access to .env file
| 111 | ### 6. Generate .env.example |
Access to .env file
| 113 | Create template from actual .env: |
Access to .env file
| 117 | sed 's/=.*/=/' .env > .env.example |
Access to .env file
| 152 | const { error, value } = envSchema.validate(process.env); |
Access to .env file
| 165 | # Check if .env is gitignored |
Access to .env file
| 166 | if ! grep -q "^\.env$" .gitignore; then |
Access to .env file
| 167 | echo "Warning: .env not in .gitignore" |
Access to .env file
| 184 | .env.development |
Access to .env file
| 185 | .env.staging |
Access to .env file
| 186 | .env.production |
Access to .env file
| 187 | .env.test |
Access to .env file
| 193 | path: `.env.${process.env.NODE_ENV || 'development'}` |
Access to .env file
| 223 | 1. Copy `.env.example` to `.env` |
Access to .env file
| 236 | const missing = required.filter(v => !process.env[v]); |
Access to .env file
| 251 | - **Never commit .env**: Always gitignore |
Access to .env file
| 252 | - **Maintain .env.example**: Keep it updated |
Access to .env file
| 262 | - `templates/.env.example` |
External URL reference
| 54 | API_URL=https://example.com // Good |
External URL reference
| 212 | - Obtain from: https://dashboard.example.com |