configuration-validator
Validates environment variables, config files, and ensures all required settings are documented. Use when working with .env files, configs, or deployment settings.
Best use case
configuration-validator is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Validates environment variables, config files, and ensures all required settings are documented. Use when working with .env files, configs, or deployment settings.
Teams using configuration-validator should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/configuration-validator/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How configuration-validator Compares
| Feature / Agent | configuration-validator | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Validates environment variables, config files, and ensures all required settings are documented. Use when working with .env files, configs, or deployment settings.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Configuration Validator
Validates configuration files and environment variables to prevent runtime errors and missing settings.
## When to Use
- Working with environment variables or config files
- Deployment or configuration issues
- User mentions ".env", "config", "environment variables", or "settings"
## Instructions
### 1. Find Configuration Files
Search for:
- `.env`, `.env.example`, `.env.local`
- `config/`, `config.js`, `config.json`
- `settings.py`, `application.yml`
- `appsettings.json`, `.env.production`
### 2. Detect Missing Variables
**Compare .env.example vs .env:**
```bash
# Variables in example but not in .env
comm -23 <(grep -o '^[A-Z_]*' .env.example | sort) <(grep -o '^[A-Z_]*' .env | sort)
```
**Common required variables:**
```
DATABASE_URL
API_KEY
SECRET_KEY
NODE_ENV
PORT
```
### 3. Validate Variable Format
**Check for common issues:**
```javascript
// Missing quotes for values with spaces
DATABASE_URL=postgres://localhost/db name // Bad
DATABASE_URL="postgres://localhost/db name" // Good
// Missing protocol
API_URL=example.com // Bad
API_URL=https://example.com // Good
// Boolean as string
DEBUG=true // Might be interpreted as string
DEBUG=1 // More explicit
```
### 4. Validate Required Variables at Runtime
**Node.js example:**
```javascript
const requiredEnvVars = [
'DATABASE_URL',
'API_KEY',
'JWT_SECRET'
];
const missing = requiredEnvVars.filter(v => !process.env[v]);
if (missing.length > 0) {
throw new Error(`Missing required env vars: ${missing.join(', ')}`);
}
```
**Python example:**
```python
import os
REQUIRED_ENV_VARS = [
'DATABASE_URL',
'SECRET_KEY',
'ALLOWED_HOSTS'
]
missing = [var for var in REQUIRED_ENV_VARS if not os.getenv(var)]
if missing:
raise EnvironmentError(f"Missing env vars: {', '.join(missing)}")
```
### 5. Type Validation
**Validate types:**
```javascript
const config = {
port: parseInt(process.env.PORT || '3000', 10),
debug: process.env.DEBUG === 'true',
apiUrl: new URL(process.env.API_URL), // Throws if invalid
maxConnections: Number(process.env.MAX_CONNECTIONS),
};
// Validate
if (isNaN(config.port) || config.port < 1 || config.port > 65535) {
throw new Error('PORT must be a valid port number');
}
```
### 6. Generate .env.example
Create template from actual .env:
```bash
# Remove values, keep keys
sed 's/=.*/=/' .env > .env.example
```
**Or with placeholders:**
```
DATABASE_URL=postgres://user:password@localhost:5432/dbname
API_KEY=your_api_key_here
SECRET_KEY=generate_random_secret
PORT=3000
NODE_ENV=development
```
### 7. Configuration Schema
**Define schema (using Joi example):**
```javascript
const Joi = require('joi');
const envSchema = Joi.object({
NODE_ENV: Joi.string()
.valid('development', 'production', 'test')
.required(),
PORT: Joi.number()
.port()
.default(3000),
DATABASE_URL: Joi.string()
.uri()
.required(),
API_KEY: Joi.string()
.min(32)
.required(),
DEBUG: Joi.boolean()
.default(false),
}).unknown();
const { error, value } = envSchema.validate(process.env);
if (error) {
throw new Error(`Config validation error: ${error.message}`);
}
module.exports = value;
```
### 8. Security Checks
**Don't commit secrets:**
```bash
# Check if .env is gitignored
if ! grep -q "^\.env$" .gitignore; then
echo "Warning: .env not in .gitignore"
fi
# Check for hardcoded secrets in code
grep -r "api_key.*=.*['\"]" --exclude-dir=node_modules
```
**Common security issues:**
- Hardcoded passwords/keys
- Default secrets in production
- Exposed sensitive configs
- Unencrypted secrets
### 9. Environment-Specific Configs
**Organize by environment:**
```
.env.development
.env.staging
.env.production
.env.test
```
**Load appropriately:**
```javascript
require('dotenv').config({
path: `.env.${process.env.NODE_ENV || 'development'}`
});
```
### 10. Document All Variables
**Create CONFIG.md:**
```markdown
# Configuration
## Environment Variables
### Required
- `DATABASE_URL`: PostgreSQL connection string
- Format: `postgres://user:pass@host:port/db`
- Example: `postgres://app:secret@localhost:5432/myapp`
- `API_KEY`: Third-party API key
- Obtain from: https://dashboard.example.com
- Required scopes: read, write
### Optional
- `PORT`: Server port (default: 3000)
- `DEBUG`: Enable debug logging (default: false)
- `MAX_CONNECTIONS`: Database pool size (default: 10)
## Setup
1. Copy `.env.example` to `.env`
2. Fill in all required values
3. Run `npm run validate-config` to verify
```
### 11. Validation Script
Create `scripts/validate-config.js`:
```javascript
const fs = require('fs');
function validateConfig() {
const required = ['DATABASE_URL', 'API_KEY'];
const missing = required.filter(v => !process.env[v]);
if (missing.length > 0) {
console.error(`❌ Missing: ${missing.join(', ')}`);
process.exit(1);
}
console.log('✓ All required config variables present');
}
validateConfig();
```
### 12. Best Practices
- **Never commit .env**: Always gitignore
- **Maintain .env.example**: Keep it updated
- **Validate on startup**: Fail fast if misconfigured
- **Use strong defaults**: Sensible fallbacks
- **Document everything**: Explain each variable
- **Rotate secrets**: Regularly update keys
- **Use secret managers**: Vault, AWS Secrets Manager for production
- **Type check**: Validate types, not just presence
## Supporting Files
- `templates/config-validator.js`
- `templates/.env.example`
- `scripts/generate-env-example.sh`Related Skills
VSCode SFTP Configuration
Configure VSCode SFTP for deploying static websites to production servers. Provides complete workflow including production-ready Nginx configuration templates with security headers, caching strategies, and performance optimizations.
MCP Configuration Management
## Overview
yaml-config-validator
Yaml Config Validator - Auto-activating skill for DevOps Basics. Triggers on: yaml config validator, yaml config validator Part of the DevOps Basics skill category.
webhook-signature-validator
Webhook Signature Validator - Auto-activating skill for API Integration. Triggers on: webhook signature validator, webhook signature validator Part of the API Integration skill category.
validator-expert
Validate production readiness of Vertex AI Agent Engine deployments across security, monitoring, performance, compliance, and best practices. Generates weighted scores (0-100%) with actionable remediation plans. Use when asked to validate a deployment, run a production readiness check, audit security posture, or verify compliance for Vertex AI agents. Trigger with "validate deployment", "production readiness", "security audit", "compliance check", "is this agent ready for prod", "check my ADK agent", "review before deploy", or "production readiness check". Make sure to use this skill whenever validating ADK agents for Agent Engine.
finding-security-misconfigurations
This skill enables Claude to identify potential security misconfigurations in various systems and configurations. It leverages the security-misconfiguration-finder plugin to analyze infrastructure-as-code, application configurations, and system settings, pinpointing common vulnerabilities and compliance issues. Use this skill when the user asks to "find security misconfigurations", "check for security vulnerabilities in my configuration", "audit security settings", or requests a security assessment of a specific system or file. This skill will assist in identifying and remediating potential security weaknesses.
schema-validator
Schema Validator - Auto-activating skill for Data Pipelines. Triggers on: schema validator, schema validator Part of the Data Pipelines skill category.
request-validator-generator
Request Validator Generator - Auto-activating skill for Backend Development. Triggers on: request validator generator, request validator generator Part of the Backend Development skill category.
request-body-validator
Request Body Validator - Auto-activating skill for API Development. Triggers on: request body validator, request body validator Part of the API Development skill category.
plugin-validator
Validate automatically validates AI assistant code plugin structure, schemas, and compliance when user mentions validate plugin, check plugin, or plugin errors. runs comprehensive validation specific to AI assistant-code-plugins repository standards. Use when validating configurations or code. Trigger with phrases like 'validate', 'check', or 'verify'.
managing-environment-configurations
Implement environment and configuration management with comprehensive guidance and automation. Use when you need to work with environment configuration. Trigger with phrases like "manage environments", "configure environments", or "sync configurations".
jwt-token-validator
Jwt Token Validator - Auto-activating skill for Security Fundamentals. Triggers on: jwt token validator, jwt token validator Part of the Security Fundamentals skill category.