overthinkos/direnv
ov-coder/skills/direnv/SKILL.md
direnv -- automatic environment variable loading from .envrc files. Use when working with direnv, .envrc, .secrets, or environment management.
tools
Updated May 10, 2026
$ install --global
skillsauthnpx skillsauth add overthinkos/overthink-plugins direnvInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 10, 2026, 5:20 AM171.2s1 file scanned
SKILL.md
- name:
- direnv
- description:
- |
direnv -- Automatic environment variable loading
Layer Properties
| Property | Value |
|----------|-------|
| Install files | layer.yml (packages only) |
Packages
RPM: direnv · PAC: direnv · DEB: direnv — full cross-distro parity.
Usage
# image.yml
my-image:
layers:
- direnv
Typically used as part of the agent-forwarding composition layer rather than directly. Also available in the heavyweight dev-tools layer (46 packages).
Runtime Behavior
Provides the direnv binary AND the per-shell hook installation (post-2026-05 cutover) for automatic environment variable loading from .envrc files.
Shell hooks are now declarative (2026-05 cutover). The layer carries a shell: block:
shell:
init: |
eval "$(direnv hook ${SHELL_NAME})" # bash/zsh/sh — POSIX-style
fish:
init: |
direnv hook fish | source # fish — different syntax
Container images get /etc/profile.d/ov-direnv-<shell>.sh and /etc/fish/conf.d/ov-direnv.fish emitted at ov image build time. target: local host deploys get a managed-block in ~/.bashrc / ~/.zshrc plus ~/.config/fish/conf.d/ov-direnv.fish at ov deploy add time, only for shells the runtime probe finds. The pre-cutover bug (fish hook missing because ~/.config/fish/config.fish was never edited) is structurally fixed.
The primary use case in Overthink is the .secrets workflow: .envrc calls eval "$(ov secrets gpg env)" which decrypts a GPG-encrypted .secrets file in memory and exports the variables — no plaintext on disk. No external direnvrc dependency needed.
Used In Images
Part of agent-forwarding composition layer, used in 27 application images.
Also available in dev-tools layer (used in bazzite-ai, fedora-remote).
Related Layers
/ov-foundation:agent-forwarding-- metalayer that includes gnupg + direnv + ssh-client/ov-foundation:gnupg-- GPG tools (needed for.secretsdecryption)/ov-coder:dev-tools-- heavyweight layer that also includes direnv (46 packages)
Cross-References
/ov-build:secrets--ov secrets gpgcommands for managing.secretsfiles,ov secrets gpg setupfor GPG agent + KeePassXC configuration,ov secrets gpg doctorfor health checks
When to Use This Skill
Use when the user asks about:
- direnv or
.envrcfiles - The
direnvlayer - Automatic environment variable loading
- The
.secrets+ direnv workflow
Related
/ov-build:layer— layer authoring reference (layer.ymlschema, task verbs, service declarations)/ov-build:eval— declarative testing (eval:block,ov eval image,ov eval live)
Related Skills
overthinkos/agents
development
VerifiedTrustedCommunity
Claude Code multi-agent support in Overthink — sub-agents, dynamic workflows, and agent teams, and how each drives the existing `ov eval` disposable beds to test and verify. MUST be invoked before authoring or invoking an ov sub-agent / dynamic workflow / agent team, wiring agent-lifecycle hooks, or asking "which primitive should drive the R10 beds?".
SKILL.mdUpdated May 31, 2026
overthinkos/workspace-mount
tools
VerifiedTrustedCommunity
Mounts a virtiofs share tagged `workspace` at /workspace inside a VM guest via a systemd .mount unit. Use when a kind:vm entity shares a host directory into the guest and you need it auto-mounted (and re-mounted at every boot).
SKILL.mdUpdated May 30, 2026
overthinkos/android
development
VerifiedTrustedCommunity
MUST be invoked before any work involving: the `kind: android` schema kind, a `target: android` deploy, the `apk:` layer package format (installing Android apps declaratively), AndroidDeployTarget, an in-pod emulator OR a remote/physical adb-endpoint device, or nested `pod → android` deployment. The first-class Android device + app surface that sits above `ov eval adb`/`appium`.
SKILL.mdUpdated May 26, 2026
overthinkos/git-workflow
tools
VerifiedTrustedCommunity
Use when committing, branching, pushing, merging, tagging, creating PRs, or approving/merging PRs with gh — the feat/-branch, R10-gated, never-force-push landing workflow across the main repo + the plugins submodule + image/<distro> submodules. Covers sync-to-upstream, branch/worktree pruning, the fork+PR path for contributors without write access, and cross-repo @github landing order.
SKILL.mdUpdated May 25, 2026