Skip to main content

env-manager

Manages and validates environment variables for applications, ensuring proper configuration and security best practices.

Install this skill

or
33/100

Security score

The env-manager skill was audited on Feb 28, 2026 and we found 35 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 377

Template literal with variable interpolation in command context

SourceSKILL.md
377require('dotenv').config({ path: `.env.${process.env.NODE_ENV}` });
medium line 21

Access to .env file

SourceSKILL.md
21- Create .env.example template
medium line 82

Access to .env file

SourceSKILL.md
82## .env.example Template
low line 200

Access to .env file

SourceSKILL.md
200const env = envalid.cleanEnv(process.env, {
low line 295

Access to .env file

SourceSKILL.md
295env_file = ".env"
low line 316

Access to .env file

SourceSKILL.md
316.env
low line 317

Access to .env file

SourceSKILL.md
317.env.local
low line 318

Access to .env file

SourceSKILL.md
318.env.*.local
low line 338

Access to .env file

SourceSKILL.md
338# - .env files (gitignored)
low line 352

Access to .env file

SourceSKILL.md
352# Encrypt sensitive .env files
low line 354

Access to .env file

SourceSKILL.md
354sops -e .env > .env.encrypted
low line 358

Access to .env file

SourceSKILL.md
358echo '.env' >> .gitattributes
medium line 364

Access to .env file

SourceSKILL.md
364### Multiple .env Files
low line 366

Access to .env file

SourceSKILL.md
366.env # Default (committed .env.example)
low line 367

Access to .env file

SourceSKILL.md
367.env.local # Local overrides (gitignored)
low line 368

Access to .env file

SourceSKILL.md
368.env.development # Development
low line 369

Access to .env file

SourceSKILL.md
369.env.staging # Staging
low line 370

Access to .env file

SourceSKILL.md
370.env.production # Production (never committed!)
low line 376

Access to .env file

SourceSKILL.md
376require('dotenv').config({ path: '.env.local' });
low line 377

Access to .env file

SourceSKILL.md
377require('dotenv').config({ path: `.env.${process.env.NODE_ENV}` });
low line 378

Access to .env file

SourceSKILL.md
378require('dotenv').config({ path: '.env' });
low line 386

Access to .env file

SourceSKILL.md
386const apiKey = process.env.API_KEY;
low line 389

Access to .env file

SourceSKILL.md
389const apiKey = process.env.API_KEY;
low line 402

Access to .env file

SourceSKILL.md
402if (process.env.DEBUG === true) { } // Always false!
low line 405

Access to .env file

SourceSKILL.md
405const DEBUG = process.env.DEBUG === 'true';
low line 415

Access to .env file

SourceSKILL.md
415const PORT = process.env.PORT || 3000;
low line 416

Access to .env file

SourceSKILL.md
416const LOG_LEVEL = process.env.LOG_LEVEL || 'info';
low line 417

Access to .env file

SourceSKILL.md
417const ENABLE_CACHE = process.env.ENABLE_CACHE !== 'false'; // Default true
medium line 476

Access to .env file

SourceSKILL.md
476cp .env.example .env.local
medium line 477

Access to .env file

SourceSKILL.md
477# Edit .env.local with your local values
medium line 490

Access to .env file

SourceSKILL.md
490- Use `.env.example` as template (committed to git)
medium line 491

Access to .env file

SourceSKILL.md
491- Never commit actual `.env` files with secrets
low line 96

External URL reference

SourceSKILL.md
96APP_URL=http://localhost:3000
low line 169

External URL reference

SourceSKILL.md
169# SENTRY_DSN=https://[email protected]/xxxxx
low line 176

External URL reference

SourceSKILL.md
176CORS_ORIGINS=http://localhost:3000,http://localhost:3001
Scanned on Feb 28, 2026
View Security Dashboard
Installation guide →
GitHub Stars 278
Rate this skill
Categorydevelopment
UpdatedMay 21, 2026
openclawbackenddevops-srebackend-developerdata-engineerdevelopment
aiskillstore/marketplace