Init — Full Project Setup from Scratch
Sets up a complete local development environment for Gradient Bang, ensuring all dependencies and configurations are in place.
Install this skill
Security score
The Init — Full Project Setup from Scratch skill was audited on Jun 3, 2026 and we found 33 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Access to .env file
| 38 | ### 3. Create `.env.supabase` |
Access to .env file
| 60 | ' > .env.supabase |
Access to .env file
| 70 | set -a && source .env.supabase && set +a |
Access to .env file
| 87 | set -a && source .env.supabase && set +a |
Access to .env file
| 103 | ### 7. Create `.env.bot` from example |
Access to .env file
| 109 | cp env.bot.example .env.bot |
Access to .env file
| 112 | The `.env.bot` file needs values from two sources: |
Access to .env file
| 114 | **Auto-populated from `.env.supabase`** (fill these in automatically): |
Access to .env file
| 115 | - `SUPABASE_URL` — copy from `.env.supabase` |
Access to .env file
| 116 | - `SUPABASE_SERVICE_ROLE_KEY` — copy from `.env.supabase` |
Access to .env file
| 117 | - `EDGE_API_TOKEN` — copy from `.env.supabase` |
Access to .env file
| 126 | Use AskUserQuestion to collect these keys one prompt at a time. For each key, show the service name and where to get it. If the user provides a value, write it into `.env.bot`. If the user skips a key |
Access to .env file
| 128 | After filling in the keys, use `sed` or similar to update the values in `.env.bot`. |
Access to .env file
| 137 | - Confirm `DAILY_API_KEY` is set in `.env.bot` (the env.bot.example already lists it; if blank, prompt the user for it the same way as the other API keys in step 7). |
Access to .env file
| 138 | - Write `VITE_PIPECAT_TRANSPORT=daily` to `client/app/.env.local` (create the file if missing; if it exists with a different value, ask before overwriting). |
Access to .env file
| 141 | - No client env file needed (the client defaults to smallwebrtc). If `client/app/.env.local` already exists with `VITE_PIPECAT_TRANSPORT=daily`, ask whether to remove/change it. |
Access to .env file
| 147 | - `.env.supabase` created |
Access to .env file
| 150 | - `.env.bot` created (list which API keys were provided vs skipped) |
Access to .env file
| 155 | npx supabase functions serve --workdir deployment --no-verify-jwt --env-file .env.supabase |
Access to .env file
| 159 | set -a && source .env.bot && set +a && uv run bot --host 0.0.0.0 |
Access to .env file
| 161 | set -a && source .env.bot && set +a && uv run bot --host 0.0.0.0 -t daily |
Access to .env file
| 171 | Substitute the bot command for whichever transport the user picked in step 7b. If they picked **daily**, the `VITE_PIPECAT_TRANSPORT=daily` written to `client/app/.env.local` makes the client match wi |
Access to .env file
| 176 | - If `.env.supabase` or `.env.bot` already exist, always ask before overwriting. |
External URL reference
| 55 | print "BOT_START_URL= # used in start function to specify bot start URL. #default: \"http://host.docker.internal:7860/start\"" |
External URL reference
| 100 | open http://127.0.0.1:54323 |
External URL reference
| 120 | - `DEEPGRAM_API_KEY` — for speech-to-text (https://console.deepgram.com) |
External URL reference
| 121 | - `CARTESIA_API_KEY` — for text-to-speech (https://play.cartesia.ai) |
External URL reference
| 122 | - `GOOGLE_API_KEY` — for Gemini LLM, used by voice and UI agent (https://aistudio.google.com/apikey) |
External URL reference
| 123 | - `ANTHROPIC_API_KEY` — for Claude LLM, used by task agent (https://console.anthropic.com) |
External URL reference
| 124 | - `OPENAI_API_KEY` — for OpenAI models (https://platform.openai.com/api-keys) |
External URL reference
| 146 | - Supabase is running (Studio at http://127.0.0.1:54323) |
External URL reference
| 166 | # Then open http://localhost:5173 |
External URL reference
| 168 | # http://localhost:5173/?transport=daily |