aiskillstore/configuration-validator
skills/crazydubya/configuration-validator/SKILL.md
Validates environment variables, config files, and ensures all required settings are documented. Use when working with .env files, configs, or deployment settings.
$ install --global
skillsauthnpx skillsauth add aiskillstore/marketplace configuration-validatorInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 31, 2026, 6:13 PM66.5s2 files scanned
SKILL.md
- name:
- configuration-validator
- description:
- Validates environment variables, config files, and ensures all required settings are documented. Use when working with .env files, configs, or deployment settings.
- allowed-tools:
- Read, Grep, Glob, Write, Bash
Configuration Validator
Validates configuration files and environment variables to prevent runtime errors and missing settings.
When to Use
- Working with environment variables or config files
- Deployment or configuration issues
- User mentions ".env", "config", "environment variables", or "settings"
Instructions
1. Find Configuration Files
Search for:
.env,.env.example,.env.localconfig/,config.js,config.jsonsettings.py,application.ymlappsettings.json,.env.production
2. Detect Missing Variables
Compare .env.example vs .env:
# Variables in example but not in .env
comm -23 <(grep -o '^[A-Z_]*' .env.example | sort) <(grep -o '^[A-Z_]*' .env | sort)
Common required variables:
DATABASE_URL
API_KEY
SECRET_KEY
NODE_ENV
PORT
3. Validate Variable Format
Check for common issues:
// Missing quotes for values with spaces
DATABASE_URL=postgres://localhost/db name // Bad
DATABASE_URL="postgres://localhost/db name" // Good
// Missing protocol
API_URL=example.com // Bad
API_URL=https://example.com // Good
// Boolean as string
DEBUG=true // Might be interpreted as string
DEBUG=1 // More explicit
4. Validate Required Variables at Runtime
Node.js example:
const requiredEnvVars = [
'DATABASE_URL',
'API_KEY',
'JWT_SECRET'
];
const missing = requiredEnvVars.filter(v => !process.env[v]);
if (missing.length > 0) {
throw new Error(`Missing required env vars: ${missing.join(', ')}`);
}
Python example:
import os
REQUIRED_ENV_VARS = [
'DATABASE_URL',
'SECRET_KEY',
'ALLOWED_HOSTS'
]
missing = [var for var in REQUIRED_ENV_VARS if not os.getenv(var)]
if missing:
raise EnvironmentError(f"Missing env vars: {', '.join(missing)}")
5. Type Validation
Validate types:
const config = {
port: parseInt(process.env.PORT || '3000', 10),
debug: process.env.DEBUG === 'true',
apiUrl: new URL(process.env.API_URL), // Throws if invalid
maxConnections: Number(process.env.MAX_CONNECTIONS),
};
// Validate
if (isNaN(config.port) || config.port < 1 || config.port > 65535) {
throw new Error('PORT must be a valid port number');
}
6. Generate .env.example
Create template from actual .env:
# Remove values, keep keys
sed 's/=.*/=/' .env > .env.example
Or with placeholders:
DATABASE_URL=postgres://user:password@localhost:5432/dbname
API_KEY=your_api_key_here
SECRET_KEY=generate_random_secret
PORT=3000
NODE_ENV=development
7. Configuration Schema
Define schema (using Joi example):
const Joi = require('joi');
const envSchema = Joi.object({
NODE_ENV: Joi.string()
.valid('development', 'production', 'test')
.required(),
PORT: Joi.number()
.port()
.default(3000),
DATABASE_URL: Joi.string()
.uri()
.required(),
API_KEY: Joi.string()
.min(32)
.required(),
DEBUG: Joi.boolean()
.default(false),
}).unknown();
const { error, value } = envSchema.validate(process.env);
if (error) {
throw new Error(`Config validation error: ${error.message}`);
}
module.exports = value;
8. Security Checks
Don't commit secrets:
# Check if .env is gitignored
if ! grep -q "^\.env$" .gitignore; then
echo "Warning: .env not in .gitignore"
fi
# Check for hardcoded secrets in code
grep -r "api_key.*=.*['\"]" --exclude-dir=node_modules
Common security issues:
- Hardcoded passwords/keys
- Default secrets in production
- Exposed sensitive configs
- Unencrypted secrets
9. Environment-Specific Configs
Organize by environment:
.env.development
.env.staging
.env.production
.env.test
Load appropriately:
require('dotenv').config({
path: `.env.${process.env.NODE_ENV || 'development'}`
});
10. Document All Variables
Create CONFIG.md:
# Configuration
## Environment Variables
### Required
- `DATABASE_URL`: PostgreSQL connection string
- Format: `postgres://user:pass@host:port/db`
- Example: `postgres://app:secret@localhost:5432/myapp`
- `API_KEY`: Third-party API key
- Obtain from: https://dashboard.example.com
- Required scopes: read, write
### Optional
- `PORT`: Server port (default: 3000)
- `DEBUG`: Enable debug logging (default: false)
- `MAX_CONNECTIONS`: Database pool size (default: 10)
## Setup
1. Copy `.env.example` to `.env`
2. Fill in all required values
3. Run `npm run validate-config` to verify
11. Validation Script
Create scripts/validate-config.js:
const fs = require('fs');
function validateConfig() {
const required = ['DATABASE_URL', 'API_KEY'];
const missing = required.filter(v => !process.env[v]);
if (missing.length > 0) {
console.error(`❌ Missing: ${missing.join(', ')}`);
process.exit(1);
}
console.log('✓ All required config variables present');
}
validateConfig();
12. Best Practices
- Never commit .env: Always gitignore
- Maintain .env.example: Keep it updated
- Validate on startup: Fail fast if misconfigured
- Use strong defaults: Sensible fallbacks
- Document everything: Explain each variable
- Rotate secrets: Regularly update keys
- Use secret managers: Vault, AWS Secrets Manager for production
- Type check: Validate types, not just presence
Supporting Files
templates/config-validator.jstemplates/.env.examplescripts/generate-env-example.sh
Related Skills
aiskillstore/hig-components-content
development
VerifiedTrustedCommunity
Apple Human Interface Guidelines for content display components. Use this skill when the user asks about charts component, collection view, image view, web view, color well, image well, activity view, lockup, data visualization, content display, displaying images, rendering web content, color pickers, or presenting collections of items in Apple apps. Also use when the user says how should I display charts, what's the best way to show images, should I use a web view, how do I build a grid of items, what component shows media, or how do I present a share sheet. Cross-references: hig-foundations for color/typography/accessibility, hig-patterns for data visualization patterns, hig-components-layout for structural containers, hig-platforms for platform-specific component behavior.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/helpdesk-automation
tools
VerifiedTrustedCommunity
Automate HelpDesk tasks via Rube MCP (Composio): list tickets, manage views, use canned responses, and configure custom fields. Always search tools first for current schemas.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/haskell-pro
testing
VerifiedTrustedCommunity
Expert Haskell engineer specializing in advanced type systems, pure functional design, and high-reliability software. Use PROACTIVELY for type-level programming, concurrency, and architecture guidance.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/graphql
tools
VerifiedTrustedCommunity
GraphQL gives clients exactly the data they need - no more, no less. One endpoint, typed schema, introspection. But the flexibility that makes it powerful also makes it dangerous. Without proper controls, clients can craft queries that bring down your server. This skill covers schema design, resolvers, DataLoader for N+1 prevention, federation for microservices, and client integration with Apollo/urql. Key insight: GraphQL is a contract. The schema is the API documentation. Design it carefully.
244SKILL.mdUpdated Apr 10, 2026