Safe Bitwarden Cli

Security checks across malware telemetry and agentic risk

Overview

This Bitwarden helper does sensitive work, but its code and documentation are coherent: it searches vault metadata and copies selected passwords or TOTP codes to the OS clipboard without hidden persistence or unrelated behavior.

Install only if you are comfortable letting an agent search Bitwarden item names/usernames and copy selected passwords or TOTP codes to your system clipboard. Avoid clipboard history or clipboard sync, clear the clipboard after use, and protect BW_SESSION like a password.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium, 93% confidence
Finding
The script exposes a search/listing capability that enumerates Bitwarden items and usernames, while the skill description promises only password and TOTP copying. That mismatch expands the tool's effective privilege and can leak sensitive metadata about stored accounts, making reconnaissance of a vault easier for a caller than users may reasonably expect.

Intent-Code Divergence

Medium, 88% confidence
Finding
The script repeatedly markets itself as 'Zero-trust' and 'secure' while intentionally placing passwords and TOTP codes into the native system clipboard, which is commonly readable by other local processes, clipboard managers, remote desktop tooling, or later user actions. The issue is not just the clipboard use itself, but the misleading security framing, which can cause operators to underestimate real secret-exposure risk.

VirusTotal

65/65 vendors flagged this skill as clean.
