nikivdev/env
.ai/skills/env/SKILL.md
Manage environment variables and secrets with flow (always use Flow env store)
$ install --global
skillsauthnpx skillsauth add nikivdev/flow envInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 1:52 PM44.9s1 file scanned
SKILL.md
- name:
- env
- description:
- Manage environment variables and secrets with flow (always use Flow env store)
- source:
- flow-default
Environment Variables & Secrets
Flow provides a secure way to manage environment variables across projects.
Rules (Must)
- Always use Flow env store for secrets/tokens in Flow projects.
- Do not rely on shell env vars or
.envfiles for secrets unless they are injected viaf env. - For tasks/scripts that need secrets, fetch them with
f env getor run viaf env run.
Setup
1. Define variables in flow.toml
Add a [storage] section to your project's flow.toml:
[storage]
provider = "myflow.sh"
[[storage.envs]]
name = "local"
description = "Local development"
variables = [
{ key = "DATABASE_URL" },
{ key = "API_KEY" },
{ key = "SECRET_TOKEN", default = "" },
]
2. Set environment variables
Use f env set to store values:
# Set individual env vars
f env set API_KEY=abc123
f env set DATABASE_URL="postgres://..."
# Values are stored in ~/.config/flow/env-local/personal/production.env
3. Pull env vars to local .env
# Pull all env vars for the current environment
f env pull
# Show current env vars
f env list
# Get specific var
f env get API_KEY
Commands
| Command | Description |
|---------|-------------|
| f env set KEY=value | Store an env var |
| f env pull | Pull env vars to local .env file |
| f env push | Push local .env to cloud |
| f env list | List env vars for this project |
| f env get KEY | Get specific env var(s) |
| f env keys | Show configured env keys from flow.toml |
| f env setup | Interactive env setup |
| f env guide | Guided prompt to set required vars |
| f env run <cmd> | Run command with env vars injected |
Environment Selection
Flow supports multiple environments:
[[storage.envs]]
name = "local"
variables = [{ key = "DATABASE_URL" }]
[[storage.envs]]
name = "staging"
variables = [{ key = "DATABASE_URL" }]
[[storage.envs]]
name = "production"
variables = [{ key = "DATABASE_URL" }]
Example: Spotify CLI
[storage]
provider = "myflow.sh"
[[storage.envs]]
name = "local"
description = "Spotify API credentials"
variables = [
{ key = "SPOTIFY_CLIENT_ID" },
{ key = "SPOTIFY_CLIENT_SECRET" },
{ key = "SPOTIFY_ACCESS_TOKEN" },
{ key = "SPOTIFY_REFRESH_TOKEN", default = "" },
]
Then:
# Set your credentials (example values)
f env set SPOTIFY_CLIENT_ID=example_client_id
f env set SPOTIFY_CLIENT_SECRET=example_client_secret
# Run CLI with env vars injected
f env run bun run src/main.ts now
# Or pull to .env first
f env pull
source .env
bun run src/main.ts now
Task pattern (required for secrets)
When writing Flow tasks, prefer:
MY_TOKEN="$(FLOW_ENV_BACKEND=local f env get --personal MY_TOKEN -f value 2>/dev/null || true)"
if [ -z "${MY_TOKEN:-}" ]; then
echo "MY_TOKEN missing. Save it with envnew MY_TOKEN=..."
exit 1
fi
export MY_TOKEN
One-time passwords (1Password Connect)
Use Flow's OTP command to fetch TOTP codes from 1Password Connect:
f otp get <vault> <item> [--field <label>]
Requires:
OP_CONNECT_HOSTOP_CONNECT_TOKEN(env or Flow personal env store)
Storage Locations
- Personal env vars:
~/.config/flow/env-local/personal/production.env - Project env vars: Stored via myflow.sh cloud backend
- Local .env: Created in project root via
f env pull
Authentication
Flow uses a token stored in ~/.config/flow/auth.toml to authenticate. If you haven't authenticated:
f auth login
Security Notes
- Personal env vars stored locally in
~/.config/flow/ - Project env vars can be synced to cloud via
f env push - Never commit
.envfiles to git (add to.gitignore) - Use
f env runto inject vars without creating .env files
Related Skills
nikivdev/quality-bun-feature-delivery
development
VerifiedTrustedCommunity
Enforce tight Codex/Claude delivery loop with Bun-first testing, skill sync/reload, and commit quality gates.
21,144SKILL.mdUpdated Apr 16, 2026
nikivdev/pr-markdown-body-file
tools
VerifiedTrustedCommunity
Always edit/create GitHub PR bodies from a markdown file; never inline escaped newlines.
21,144SKILL.mdUpdated Apr 16, 2026
openclaw/taskflow
tools
VerifiedTrustedCommunity
Use when work should span one or more detached tasks but still behave like one job with a single owner context. TaskFlow is the durable flow substrate under authoring layers like Lobster, ACPX, plugins, or plain code. Keep conditional logic in the caller; use TaskFlow for flow identity, child-task linkage, waiting state, revision-checked mutations, and user-facing emergence.
357,764SKILL.mdUpdated Apr 10, 2026
openclaw/extensions/lobster
tools
VerifiedTrustedCommunity
# Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (send, post, delete) - Multiple tool calls should run as one deterministic operation ## When to use Lobster | User intent | Use Lobster? | | ------------------------------------------------------ | --------------------------
357,764SKILL.mdUpdated Apr 10, 2026