LastPass CLI Skill
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill’s purpose is clear, but it gives the agent direct access to pull passwords and other vault data from LastPass with little built-in scope or approval control.
Install only if you intentionally want the agent to fetch LastPass secrets for specific tasks. Before using it, verify the 'lpass' CLI installation, make sure you approve each requested vault entry and field, and avoid using 'raw' or 'notes' unless you are comfortable exposing that content to the agent workflow.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Broad vault access
Impact: If invoked too broadly, the agent could access passwords or notes from the user's vault beyond what the user intended for the current task.
Evidence: "retrieve credentials from the local LastPass vault using the `lpass` CLI"
This shows the skill uses the user's existing LastPass CLI access to retrieve vault credentials, which is high-impact delegated account authority.
Recommendation: Require explicit user approval for each vault entry and field, document the required LastPass session, and consider an allowlist of permitted entry names.
Finding 2: No confirmation, allowlist, or output restriction
Impact: A mistaken or manipulated request could cause the agent to fetch an unintended secret or the full contents of a vault entry.
Evidence: lpass show --password "$name" ... lpass show --notes "$name" ... lpass show "$name"
The helper retrieves sensitive fields, or the raw full entry, for any provided item name, with no built-in confirmation, allowlist, or output restriction.
Recommendation: Remove or restrict the 'raw' mode by default, validate allowed fields, and require a user confirmation step before returning secret material.
Finding 3: Undeclared 'lpass' dependency
Impact: The skill may fail, or may use whatever 'lpass' executable is available in the user's PATH, so users must ensure they have the legitimate LastPass CLI installed.
Evidence: lpass show --password "$name"
The script depends on the local 'lpass' binary, while the registry metadata declares no required binaries and there is no install spec.
Recommendation: Declare 'lpass' as a required binary and provide setup guidance that directs users to a trusted installation source.
Finding 4: Secrets printed to stdout
Impact: Passwords or notes may become visible to the agent and, depending on the host environment, to logs or downstream automation.
Evidence: lpass show --password "$name"
The command prints the retrieved secret to stdout, meaning the secret can be returned into the agent workflow or conversation context.
Recommendation: Use the skill only for specific approved entries, avoid retrieving notes/raw data unless necessary, and ensure the agent environment redacts or avoids retaining secrets.
