From uitkit
Audits environment variable usage across the codebase, detecting secrets at risk, missing or unused variables, inconsistencies across environments, and naming hygiene issues.
Slash command
/uitkit:env-audit [path or file glob to scan]
devops/
Audit environment variable usage in: $ARGUMENTS (default: entire project)

Scan all source files, config files, Dockerfiles, compose files, CI/CD definitions, and deployment manifests.

Report findings in these categories:

**1. Secrets at risk**
- Hardcoded credentials, tokens, API keys, or passwords in any file tracked by git
- `.env` files that are not gitignored
- Secrets interpolated directly into shell `run:` steps in CI (injection risk)
- Docker `ARG`/`ENV` instructions that bake secrets into image layers

**2. Missing variables**
- Variables referenced in code (process.env.X, os.env... `.env.example`, `docker-compose.yml`, Kubernetes `Secret`/`ConfigMap`, or documented defaults

**3. Unused variables**
- `.env`, `.env.example`, Compose, or manifests that are never read in code

**4. Inconsistencies**
- `DATABASE_URL` in compose vs `DB_URL` in k8s)

**5. Hygiene**
- `SCREAMING_SNAKE_CASE`)
- `sensitive` in Terraform or `type: kubernetes.io/Opaque` in k8s Secrets
- `.env` files committed with real values

Output format:
- `critical` / `warning` / `info`), and one-line remediation

Do not print file contents verbatim — cite locations and quote only the relevant line.
npx claudepluginhub uitbreidenos/uitkit

/env-setup: Sets up and audits environment variables for a service across local, Railway, and AWS. Generates .env.example, validates required vars, flags missing ones. Supports local, railway, aws, audit modes.

/sync-env: Synchronizes environment variables across dev, staging, and production by scanning code/.env files, identifying discrepancies/unused vars, generating updated .env.example, and reporting changes.

/env-validator: Validates .env files against schemas with type checking, required vars verification, format validation, security scans. Generates .env.example, checks missing vars, supports compare.

/configuration-review: Analyzes configuration management, environment variables, secrets handling, and settings organization for security risks and improvements. Generates prioritized markdown report saved to /reports.

/preflight: Runs production-readiness preflight checks on files or directories. Auto-detects infrastructure config types (K8s, Terraform, GitHub Actions, Helm, Flux, Dockerfiles, shell scripts), applies type-specific checks, and produces a summary table with verdict.

/audit: Audits specified code scope for security issues: OWASP Top 10, secrets, dependencies, IaC, and configs. Defaults to uncommitted changes.