direnv-pattern
Automates environment variable management using the b00t direnv pattern for secure project configurations.
Install this skill
Security score
The direnv-pattern skill was audited on Feb 9, 2026 and we found 68 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 273 | ```bash |
Template literal with variable interpolation in command context
| 370 | ```yaml |
Template literal with variable interpolation in command context
| 380 | ```yaml |
Access to hidden dotfiles in home directory
| 54 | 1. **Datums specify WHICH** - `~/.dotfiles/_b00t_/*.ai.toml` files specify required variable names |
Access to hidden dotfiles in home directory
| 83 | echo 'eval "$(direnv hook bash)"' >> ~/.bashrc |
Access to hidden dotfiles in home directory
| 86 | echo 'eval "$(direnv hook zsh)"' >> ~/.zshrc |
Access to hidden dotfiles in home directory
| 89 | echo 'direnv hook fish | source' >> ~/.config/fish/config.fish |
Access to hidden dotfiles in home directory
| 102 | # dotenv ~/.env |
Access to hidden dotfiles in home directory
| 158 | # dotenv ~/.env |
Access to hidden dotfiles in home directory
| 181 | # - Datums (~/.dotfiles/_b00t_/*.ai.toml) specify WHICH vars are required |
Access to hidden dotfiles in home directory
| 230 | validation = b00t_py.check_provider_env("openrouter", "~/.dotfiles/_b00t_") |
Access to hidden dotfiles in home directory
| 248 | dotenv ~/.env |
Access to hidden dotfiles in home directory
| 347 | providers = b00t_py.list_ai_providers("~/.dotfiles/_b00t_") |
Access to hidden dotfiles in home directory
| 351 | validation = b00t_py.check_provider_env("openrouter", "~/.dotfiles/_b00t_") |
Access to .env file
| 4 | Implements the b00t environment management pattern: direnv → .envrc → dotenv → .env |
Access to .env file
| 5 | where datums specify WHICH environment variables are required and .env contains |
Access to .env file
| 15 | - Set up direnv + .envrc + .env configuration |
Access to .env file
| 16 | - Follow the b00t pattern: WHICH (datums) vs VALUES (.env) |
Access to .env file
| 31 | - "configure .env file" |
Access to .env file
| 43 | dotenv loads .env file |
Access to .env file
| 55 | 2. **`.env` contains VALUES** - Actual API keys and secrets (gitignored) |
Access to .env file
| 64 | ├── .env # ← Contains actual API keys (GITIGNORED!) |
Access to .env file
| 66 | ├── .env.example # ← Shows required keys (committed) |
Access to .env file
| 67 | └── .gitignore # ← Must include .env and .envrc |
Access to .env file
| 96 | # This file demonstrates the b00t pattern: direnv → .envrc → dotenv → .env |
Access to .env file
| 98 | # Load project .env file (contains API keys) |
Access to .env file
| 101 | # Optionally load home directory .env for global keys |
Access to .env file
| 102 | # dotenv ~/.env |
Access to .env file
| 105 | # dotenv .env.local |
Access to .env file
| 106 | # dotenv .env.development |
Access to .env file
| 109 | ### 3. Create .env with API Keys |
Access to .env file
| 150 | # 2. Copy: cp .env.example .env |
Access to .env file
| 151 | # 3. Edit .env with your actual API keys |
Access to .env file
| 154 | # Load project .env file (contains API keys) |
Access to .env file
| 157 | # Optionally load home directory .env for global keys |
Access to .env file
| 158 | # dotenv ~/.env |
Access to .env file
| 161 | # dotenv .env.local |
Access to .env file
| 168 | ## .env.example Template |
Access to .env file
| 173 | # API keys are loaded via direnv → .envrc → dotenv → .env pattern. |
Access to .env file
| 176 | # 1. Copy: cp .env.example .env |
Access to .env file
| 177 | # 2. Fill in your actual API keys in .env |
Access to .env file
| 182 | # - This .env file contains the actual VALUES |
Access to .env file
| 213 | # Required: Must be present in .env file |
Access to .env file
| 236 | print("Add them to your .env file and run 'direnv allow'") |
Access to .env file
| 248 | dotenv ~/.env |
Access to .env file
| 263 | dotenv .env.production |
Access to .env file
| 265 | dotenv .env.staging |
Access to .env file
| 267 | dotenv .env.development |
Access to .env file
| 284 | echo " Add it to your .env file" |
Access to .env file
| 296 | - ✅ Add `.env` to `.gitignore` |
Access to .env file
| 298 | - ✅ Use `.env.example` as template (committed to git) |
Access to .env file
| 299 | - ✅ Store API keys only in `.env` files |
Access to .env file
| 305 | - ❌ Commit `.env` files to git |
Access to .env file
| 309 | - ❌ Share `.env` files via chat/email |
Access to .env file
| 316 | .env |
Access to .env file
| 318 | .env.local |
Access to .env file
| 319 | .env.*.local |
Access to .env file
| 322 | !.env.example |
Access to .env file
| 398 | 2. **Copy templates**: `.envrc.example` → `.envrc`, `.env.example` → `.env` |
Access to .env file
| 399 | 3. **Edit .env** with actual API keys |
Access to .env file
| 405 | 1. **Add to .env.example** (commented, as template) |
Access to .env file
| 406 | 2. **Add to .env** (actual value) |
Access to .env file
| 414 | 3. **Create .env**: Reference `.env.example` |
Access to .env file
| 428 | - `b00t-j0b-py/.env.example` - API keys template |
Access to .env file
| 436 | 2. **Secure**: Secrets in `.env` (gitignored), not in code |
Access to .env file
| 439 | 5. **Flexible**: Supports multiple `.env` files, local/global keys |
External URL reference
| 204 | # OLLAMA_BASE_URL=http://localhost:11434 |
External URL reference
| 217 | defaults = { OPENROUTER_API_BASE = "https://openrouter.ai/api/v1" } |