env-inspector
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseENV Inspector
ENV检查工具
Reads files and emits a redacted view: keys are always shown, values are shown only when they look unambiguously safe. Anything ambiguous is replaced with .
.env<redacted>读取文件并输出脱敏后的视图:键名始终显示,仅当值看起来明确安全时才会显示。任何模糊不清的内容都会被替换为。
.env<redacted>Usage
使用方法
bash
bash .agents/skills/env-inspector/scripts/env-safe-read.sh /path/to/.envInspect every in a project (excluding examples):
.env*bash
for f in $(find . -maxdepth 3 -name '.env*' -not -name '.env.example' -not -path '*/node_modules/*'); do
echo "--- $f ---"
bash .agents/skills/env-inspector/scripts/env-safe-read.sh "$f"
echo ""
donebash
bash .agents/skills/env-inspector/scripts/env-safe-read.sh /path/to/.env检查项目中所有文件(排除示例文件):
.env*bash
for f in $(find . -maxdepth 3 -name '.env*' -not -name '.env.example' -not -path '*/node_modules/*'); do
echo "--- $f ---"
bash .agents/skills/env-inspector/scripts/env-safe-read.sh "$f"
echo ""
doneHow redaction works
脱敏机制
Four layers, all default-deny. A value is shown only if it survives all of them:
- Sensitive-key block. Keys matching are redacted regardless of value.
KEY|SECRET|TOKEN|PASSWORD|PASS|CREDENTIAL|AUTH|PRIVATE|SIGNING|HASH|SALT|ENCRYPTION|JWT|BEARER|COOKIE|CSRF|SESSION|DSN|WEBHOOK_URL - Token-pattern blocklist. Values matching known shapes (,
sk-…,pk_live_…,ghp_…,github_pat_…JWT,eyJ…,AKIA…,xox[abprs]-…,AIza…,glpat-…,npm_…) are redacted.dckr_pat_… - Shannon entropy. Values ≥16 chars with entropy ≥3.5 bits/char are redacted (catches random tokens that don't match a known prefix).
- Positive allowlist. What survives is shown only if it matches a known-safe shape: booleans, numbers, log levels, localhost/loopback, short non-random strings (≤20 chars), or HTTP(S) URLs without embedded credentials and without long random query strings.
@
采用四层默认拒绝机制。只有通过所有检查的值才会被显示:
- 敏感键拦截:匹配的键,无论值是什么都会被脱敏。
KEY|SECRET|TOKEN|PASSWORD|PASS|CREDENTIAL|AUTH|PRIVATE|SIGNING|HASH|SALT|ENCRYPTION|JWT|BEARER|COOKIE|CSRF|SESSION|DSN|WEBHOOK_URL - 令牌模式黑名单:匹配已知格式(、
sk-…、pk_live_…、ghp_…、github_pat_…JWT、eyJ…、AKIA…、xox[abprs]-…、AIza…、glpat-…、npm_…)的值会被脱敏。dckr_pat_… - Shannon entropy检查:长度≥16字符且熵≥3.5比特/字符的值会被脱敏(捕获不匹配已知前缀的随机令牌)。
- 正向白名单:通过上述检查的值仅在匹配已知安全格式时才会显示:布尔值、数字、日志级别、localhost/回环地址、短非随机字符串(≤20字符),或不包含嵌入凭证且无长随机查询字符串的HTTP(S) URL。
@
What this skill is and isn't
本工具的适用场景与局限性
- Is: a heuristic that makes leaks much less likely when summarizing env config.
- Isn't: a cryptographic guarantee. A short, human-chosen password under an innocent key (e.g. ) can still slip through.
MY_PIN=hunter12 - For high-stakes contexts (production secrets, audit logs), inspect manually instead.
- 适用场景:一种启发式工具,在汇总环境配置时能大幅降低泄露风险。
- 局限性:不提供加密级别的安全保证。例如,使用普通键名(如)的短人工密码仍可能被遗漏。
MY_PIN=hunter12 - 对于高风险场景(生产环境机密、审计日志),请手动检查。
Path-gate hook
路径网关钩子
The skill ships with a hook () that:
PreToolUsehooks/path-gate.sh- Allows to run only against paths inside
env-safe-read.sh.$CLAUDE_PROJECT_DIR - Rejects any target whose filename doesn't match a pattern.
.env - Rejects paths containing traversal.
..
The hook is a guardrail, not the primary defense — the redaction in the script is what protects you. The hook just ensures the script can't be aimed at, say, by an over-eager agent.
/etc/postgresql/.envIf your harness doesn't honor skill-level frontmatter, copy the matcher block into your project or run the script manually.
hooks.claude/settings.json本工具附带一个钩子(),功能如下:
PreToolUsehooks/path-gate.sh- 仅允许在
env-safe-read.sh路径内运行。$CLAUDE_PROJECT_DIR - 拒绝文件名不匹配模式的目标文件。
.env - 拒绝包含路径遍历的请求。
..
该钩子是防护栏,而非主要防御手段——脚本中的脱敏机制才是核心保护措施。钩子仅用于防止过度活跃的Agent将脚本指向例如等路径。
/etc/postgresql/.env如果你的工具框架不支持技能级别的前置配置,请将匹配块复制到项目的中,或手动运行脚本。
hooks.claude/settings.jsonCompatibility
兼容性
- Requires and
bash(entropy calc). No Python or jq dependency.awk - The hook uses for JSON parsing to avoid a
seddep — fragile but works for the standard Claude Code tool-call shape.jq
- 需要和
bash(用于熵计算)。无需Python或jq依赖。awk - 钩子使用进行JSON解析以避免依赖jq——虽然不够健壮,但能处理标准Claude Code工具调用格式。
sed