Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Bitwarden CLI
v1.1.1
Securely interact with Bitwarden password manager via the bw CLI. Covers authentication (login/unlock/logout), vault operations (list/get/create/edit/delete...
by TFM @0x7466
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md is a thorough command/reference guide for the Bitwarden 'bw' CLI (login/unlock/sync/list/get/create/edit/export/serve/etc.). The commands, options, and workflows described align with the stated purpose of interacting with Bitwarden via the bw CLI.
Instruction Scope
The instructions explicitly reference reading and exporting secrets (e.g., BW_PASSWORD, BW_SESSION), using API key environment variables (BW_CLIENTID, BW_CLIENTSECRET), reading password files (--passwordfile), attaching files, exporting vaults to paths, and running a local REST server (bw serve) including an option that disables origin protection. Those are legitimate bw workflows, but they involve sensitive secrets and local files; the SKILL.md grants broad operational suggestions (unlock-first fallback to login, auto-export patterns) and does not constrain or warn sufficiently about risks. Importantly, the instructions access environment variables and files not declared in the skill metadata.
Install Mechanism
This is an instruction-only skill with no install spec and no code files; nothing will be written or downloaded by the skill itself. That is low-risk from an installation perspective. Note: the registry metadata lists an unknown source/homepage which reduces transparency but does not change the install risk because nothing is installed.
Credentials
The skill metadata declares no required environment variables, yet the runtime instructions use sensitive variables: BW_PASSWORD, BW_SESSION, BW_CLIENTID, BW_CLIENTSECRET and suggest sourcing secrets from files. Asking for or relying on these secrets is expected for a Bitwarden CLI guide, but the metadata omission is an incoherence — the skill does not declare the sensitive environment access it instructs the agent to use. That makes it easier for a user to miss the fact the agent may read or instruct use of private credentials.
Persistence & Privilege
The skill does not request persistent presence (always: false), does not install components, and does not modify other skills or system configurations. Autonomous invocation is enabled by default but is not combined with other high-risk factors in the manifest.
What to consider before installing
This skill is essentially a detailed reference for the official Bitwarden CLI and is coherent with that purpose, but exercise caution before installing or using it:
- The SKILL.md expects you to use sensitive environment variables (BW_PASSWORD, BW_SESSION, BW_CLIENTID, BW_CLIENTSECRET) and password files, yet the skill metadata lists no required env vars. That mismatch means the skill may instruct the agent to read/write secrets without the metadata making that explicit. Treat any prompts or instructions that export secrets into env vars or files as high-risk.
- The 'bw serve' command can expose data if misconfigured; the doc even mentions a '--disable-origin-protection' flag that is dangerous. Avoid running a local server unless you understand the networking implications.
- Because this is instruction-only and the source/homepage are not provided, verify the bw binary you install comes from the official Bitwarden distribution (bitwarden.com) and check upstream docs and checksums yourself. Do not follow binary-download instructions from untrusted third parties.
- Prefer ephemeral session usage (unlock into BW_SESSION only in a short-lived process) and avoid storing plain-text passwords in environment variables or files unless you control the environment and accept the risk.
If you need to proceed: only enable the skill on-demand (don’t set always:true), confirm the skill’s source or prefer an official/verified skill, and audit any agent actions that would read or write your Bitwarden credentials or export vault data.
Like a lobster shell, security has layers — review code before you run it.
