evernote-multi-env-setup
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a standard configuration loader that separates environment-specific logic (development, staging, production) into distinct files, which is a recommended practice for secure application architecture.\n- [SAFE]: Dynamic module loading via 'require' in the configuration loader is constrained to the local 'config' directory and utilizes the 'NODE_ENV' environment variable, a common and accepted pattern in Node.js development.\n- [SAFE]: The skill avoids hardcoding sensitive production credentials, instead providing clear instructions for using environment variables and secure secret stores (e.g., GitHub Secrets) for managing Evernote API keys and database strings.\n- [SAFE]: The provided Docker Compose configuration uses industry-standard default credentials for local development environments, which does not compromise production security.\n- [SAFE]: All external resources and packages mentioned (such as lodash.merge and the Evernote SDK) are standard, well-known libraries appropriate for the skill's stated purpose.
Audit Metadata