.cursor/skills/sanitize-envrc/SKILL.md
Reads .envrc, creates or updates .envrc.sample with sanitized placeholder values safe for committing, and ensures .envrc is in .gitignore. Use when adding secrets to .envrc, setting up a new project environment, creating a sample env file, protecting secrets from git, or when asked to sanitize, clean, or document environment variables.
```bash
npx skillsauth add doesitscript/dotfile-vnext sanitize-envrc
```

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
1. Read `.envrc` from the project root
2. Create or update `.envrc.sample` with secret values replaced by obvious fake values
3. Ensure `.envrc` is in `.gitignore`; add it if missing

A variable is a secret when its name contains (case-insensitive):
KEY, SECRET, TOKEN, PASSWORD, PASS, CREDENTIAL, AUTH, APIKEY, API_KEY
| Variable type | Output in sample |
|---|---|
| Secret variable | "your_VARNAME_here" |
| Boolean-like value (yes, no, true, false, *) | Keep as-is |
| Simple flag variable (non-secret name) | Keep as-is |
| Comment lines | Keep as-is |
| Blank lines | Keep as-is |
Always write this as the first non-blank line:
```bash
# Copy this file to .envrc and fill in secret values. Do NOT commit .envrc.
```
Input .envrc:
```bash
# Required for WinRM / Ansible on macOS
export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=yes
export no_proxy=*
export APIKEY="sk-proj-abc123..."
export GITHUB_TOKEN="ghp_realtoken"
```
Output .envrc.sample:
```bash
# Copy this file to .envrc and fill in secret values. Do NOT commit .envrc.
# Required for WinRM / Ansible on macOS
export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=yes
export no_proxy=*
export APIKEY="your_APIKEY_here"
export GITHUB_TOKEN="your_GITHUB_TOKEN_here"
```
Search .gitignore for .envrc. If not present, append:
```
# secrets — do not commit
.envrc
```
Use Grep to check before appending — never duplicate the entry.
Run git status to confirm .envrc.sample shows as a new/modified file and .envrc does not appear as tracked.
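The rules above as a runnable sketch, added here as an example and not part of the skill itself. The function names, the `AUTH_ENABLED` and `DATABASE_URL` sample lines, and the choice to let a boolean-like value win over a secret-looking name are assumptions.

```python
import re

HEADER = "# Copy this file to .envrc and fill in secret values. Do NOT commit .envrc."
SECRET_WORDS = ("KEY", "SECRET", "TOKEN", "PASSWORD", "PASS", "CREDENTIAL",
                "AUTH", "APIKEY", "API_KEY")
BOOLEAN_LIKE = {"yes", "no", "true", "false", "*"}
# [export] NAME=value; group 1 keeps the indentation and the export keyword.
ASSIGNMENT = re.compile(r"^(\s*(?:export\s+)?)([A-Za-z_][A-Za-z0-9_]*)=(.*)$")

def is_secret_name(name):
    """Case-insensitive substring match against the page's keyword list."""
    return any(word in name.upper() for word in SECRET_WORDS)

def sanitize_envrc(text):
    """Return the .envrc.sample content for the given .envrc content."""
    out = [HEADER]
    for line in text.splitlines():
        if line.strip() == HEADER:
            continue  # re-running on an existing sample must not stack headers
        m = ASSIGNMENT.match(line)
        if m:
            prefix, name, value = m.groups()
            bare = value.strip().strip("\"'").lower()
            # Assumption: a boolean-like value is kept even under a
            # secret-looking name (e.g. AUTH_ENABLED=true).
            if is_secret_name(name) and bare not in BOOLEAN_LIKE:
                line = f'{prefix}{name}="your_{name}_here"'
        out.append(line)
    return "\n".join(out) + "\n"

def ensure_envrc_ignored(gitignore_text):
    """Append the .envrc entry only when no existing line already ignores it."""
    entries = {entry.strip() for entry in gitignore_text.splitlines()}
    if entries & {".envrc", "/.envrc"}:
        return gitignore_text
    sep = "" if gitignore_text == "" or gitignore_text.endswith("\n") else "\n"
    return gitignore_text + sep + "# secrets — do not commit\n.envrc\n"

# Constructed sample input: the page's example plus two constructed edge cases.
SAMPLE = '''# Required for WinRM / Ansible on macOS
export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=yes
export no_proxy=*
export APIKEY="sk-proj-abc123..."
export GITHUB_TOKEN="ghp_realtoken"
export AUTH_ENABLED=true
export DATABASE_URL="postgres://app:hunter2@db/app"
'''

if __name__ == "__main__":
    print(sanitize_envrc(SAMPLE), end="")
```

Because matching is by variable name only, the `DATABASE_URL` line is copied verbatim with its embedded password, and a name such as `BYPASS_CACHE` would be rewritten because it contains `PASS`. Review the generated sample before committing it.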