ClawHub

Bitwarden

v0.1.0

Set up and use Bitwarden CLI (bw). Use when installing the CLI, unlocking vault, or reading/generating secrets via bw. Handles session management with BW_SESSION.

3· 2.1k·4 current·4 all-time
by@jimihford
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, required binaries (bw, tmux), and the install spec (brew formulas for bitwarden-cli and tmux) are coherent with a Bitwarden CLI helper. Asking for tmux to persist BW_SESSION is a plausible design choice.
!
Instruction Scope
SKILL.md contains detailed runtime steps that reference additional files and conventions that are not present in the package: references/* docs, ./scripts/*.sh, and a 'tmux' skill for socket conventions. It also uses environment variables (CLAWDBOT_TMUX_SOCKET_DIR, NODE_EXTRA_CA_CERTS) without declaring them. The tmux capture commands can output secrets (session key or item JSON) into captured panes—this requires careful handling to avoid accidental leakage. The test workflow requires docker, docker-compose, mkcert and other artifacts that are not declared or bundled.
Install Mechanism
Install spec is brew formulas for bitwarden-cli and tmux (well-known package sources). No arbitrary downloads or extract/install from untrusted URLs are present.
Credentials
The skill does not require any declared credentials or secrets, which is appropriate. However the instructions expect BW_SESSION to be created/used, reference CLAWDBOT_TMUX_SOCKET_DIR and NODE_EXTRA_CA_CERTS, and advise running bw login/unlock (which will accept a master password or API key). Those environment variables are used but not declared; ensure you understand where session keys will be stored and that you never paste secrets into logs or chat.
Persistence & Privilege
always is false and there are no code files that persistently modify agent/system settings. The skill is instruction-only and relies on ephemeral tmux sessions and environment variables; it does not request elevated/persistent privileges in the package metadata.
What to consider before installing
This skill is plausibly a Bitwarden CLI helper, but the instructions reference files and conventions that aren't bundled (references/*.md, ./scripts/*.sh) and expect extra tools (docker, mkcert) without declaring them. Before installing or using it: (1) inspect SKILL.md yourself and verify any scripts it references actually exist or are trustworthy; (2) if you test, do so in an isolated environment (not against your real vault) — the skill requires running bw login/unlock which will accept your master password or API key; (3) be cautious with the tmux socket directory (CLAWDBOT_TMUX_SOCKET_DIR) and with captured pane output because those commands can expose secrets to files/terminal history; (4) only install the brew formulas from trusted sources and avoid pasting credentials into chat or logs. If you want me to, I can list the exact lines that reference missing files and undeclared env vars or suggest a minimal safe test plan using a temporary Vaultwarden instance.

Like a lobster shell, security has layers — review code before you run it.

latestvk97abehcg2wj11jqttmfcq7dzx809ed4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔐 Clawdis
Binsbw, tmux

Install

Install Bitwarden CLI (brew)
Bins: bw
brew install bitwarden-cli
Install tmux (brew)
Bins: tmux
brew install tmux

Comments