claude-code-framework/essential/skills/emergency/env-validator/SKILL.md
Validates .env files for missing variables, incorrect formats, exposed secrets, and configuration errors. Use when user says "check my .env", "environment variables missing", "config error", or mentions problems with environment setup.
npx skillsauth add tokenized2027/claude-initilization-v7 env-validator
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Checks .env files for common issues and security problems.
Common required variables for Next.js:
NEXT_PUBLIC_API_URL=
DATABASE_URL=
API_KEY=
Common required variables for Flask:
FLASK_APP=
DATABASE_URL=
SECRET_KEY=
How to check:
# List all env vars
cat .env.local
# Check for specific var
grep "DATABASE_URL" .env.local
Security scan:
# Check for common secret patterns (case-insensitive, since variable names are usually uppercase)
grep -iE "(password|secret|key|token)" .env.local
# Verify .env.local is in .gitignore (-F matches the dots literally)
grep -F ".env.local" .gitignore
If exposed:
# Remove from git history
git filter-branch --force --index-filter \
"git rm --cached --ignore-unmatch .env.local" \
--prune-empty --tag-name-filter cat -- --all
# Rotate all secrets immediately
URL format:
# Database URL
DATABASE_URL=postgresql://user:password@localhost:5432/dbname
# API URL (must start with http:// or https://)
NEXT_PUBLIC_API_URL=http://localhost:3000
Boolean format:
# Use lowercase true/false
DEBUG=true
# Not: DEBUG=True or DEBUG=1
Common issue:
# Bad - has a trailing space after abc123 (not visible here)
API_KEY=abc123 
# Good
API_KEY=abc123
Fix:
# Remove trailing spaces (GNU sed; on macOS/BSD sed use: sed -i '' ...)
sed -i 's/[[:space:]]*$//' .env.local
Check ports:
# Ports should be 1-65535
PORT=3000 # Valid
PORT=70000 # Invalid (too high)
Check:
# Verify file exists
ls -la .env.local
# Check file is readable (without printing its secrets to the terminal)
[ -r .env.local ] && echo "readable"
# Restart dev server
npm run dev
Next.js:
# Browser-accessible vars need NEXT_PUBLIC_ prefix
NEXT_PUBLIC_API_URL=http://localhost:3000 # ✅ Works in browser
API_SECRET=abc123 # ✅ Server-side only
Next.js uses:
- .env.local (local development, ignored by git)
- .env.development (development defaults)
- .env.production (production defaults)
- .env (all environments)
Check you're editing the right one:
ls -la .env*
#!/bin/bash
# Save as: scripts/validate-env.sh
echo "🔍 Validating .env.local..."
# Check file exists
if [ ! -f .env.local ]; then
    echo "❌ .env.local not found"
    exit 1
fi
# Check that SECRET_KEY is defined (anchored so commented-out or prefixed names do not match)
if grep -q "^SECRET_KEY=" .env.local; then
    echo "✅ SECRET_KEY present"
else
    echo "⚠️ SECRET_KEY missing"
fi
# Check for trailing spaces
if grep -q "[[:space:]]$" .env.local; then
    echo "⚠️ Trailing spaces detected"
fi
# Check .gitignore (-F matches the dots literally; a missing .gitignore counts as not ignored)
if grep -qF ".env.local" .gitignore 2>/dev/null; then
    echo "✅ .env.local in .gitignore"
else
    echo "❌ .env.local NOT in .gitignore - ADD IT NOW"
fi
echo "✅ Validation complete"
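The script above checks presence, trailing spaces and .gitignore only. The following added example (not part of the original skill) applies the format rules from the earlier sections (URL scheme, lowercase booleans, port range, trailing whitespace, NEXT_PUBLIC_ exposure) and reports variable names without ever echoing values. The function name check_env_file and the key-name conventions (PORT/*_PORT for ports, DEBUG as the boolean, *_URL for URLs) are assumptions.

```shell
#!/bin/sh
# Added example, not the skill's own script. Findings name the line and the
# variable only, so secret values never reach the terminal or CI logs.
check_env_file() {
    file=$1; findings=0; lineno=0; tab=$(printf '\t')
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    flag() { echo "line $lineno: $1"; findings=$((findings + 1)); }
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            ''|'#'*) continue ;;                 # blank line or comment
            *=*) ;;
            *) flag "not in KEY=VALUE form"; continue ;;
        esac
        key=${line%%=*}; value=${line#*=}        # assumes unquoted values
        case $value in                           # trailing space or tab
            *' '|*"$tab") flag "$key has trailing whitespace" ;;
        esac
        case $key in
            PORT|*_PORT)                         # ports are 1-65535
                case $value in
                    ''|*[!0-9]*|??????*) flag "$key is not a valid port" ;;
                    *) [ "$value" -ge 1 ] && [ "$value" -le 65535 ] ||
                           flag "$key is outside 1-65535" ;;
                esac ;;
            DEBUG)                               # lowercase true/false only
                case $value in
                    true|false) ;;
                    *) flag "$key must be true or false" ;;
                esac ;;
            *API_URL)                            # must be http:// or https://
                case $value in
                    http://?*|https://?*) ;;
                    *) flag "$key must start with http:// or https://" ;;
                esac ;;
            *_URL)                               # e.g. postgresql://...
                case $value in
                    ?*://?*) ;;
                    *) flag "$key is not in scheme://... form" ;;
                esac ;;
        esac
        case $key in                             # NEXT_PUBLIC_ ships to the browser
            NEXT_PUBLIC_*SECRET*|NEXT_PUBLIC_*PASSWORD*|NEXT_PUBLIC_*TOKEN*|NEXT_PUBLIC_*KEY*)
                flag "$key looks like a secret but is browser-exposed" ;;
        esac
    done < "$file"
    [ "$findings" -eq 0 ]
}
if [ "$#" -gt 0 ]; then check_env_file "$1"; fi
```

Exit status is 0 when the file is clean, 1 when there are findings, and 2 when the file cannot be read, so it can gate a pre-commit hook or CI step.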
✅ Use for: Checking .env files, finding missing vars, security scans
❌ Don't use for: Production secrets management, complex config architecture