LastPass CLI Skill
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked too broadly, the agent could access passwords or notes from the user’s vault beyond what the user intended for the current task.
This shows the skill uses the user's existing LastPass CLI access to retrieve vault credentials, which is high-impact delegated account authority.
retrieve credentials from the local LastPass vault using the `lpass` CLI
Require explicit user approval for each vault entry and field, document the required LastPass session, and consider an allowlist of permitted entry names.

A mistaken or manipulated request could cause the agent to fetch an unintended secret or full vault entry contents.
The helper retrieves sensitive fields or the raw full entry for any provided item name, with no built-in confirmation, allowlist, or output restriction.
lpass show --password "$name" ... lpass show --notes "$name" ... lpass show "$name"
Remove or restrict the 'raw' mode by default, validate allowed fields, and require a user confirmation step before returning secret material.

The skill may fail or use whatever 'lpass' executable is available in the user’s PATH, so users must ensure they have the legitimate LastPass CLI installed.
The script depends on the local 'lpass' binary, while the registry metadata declares no required binaries and there is no install spec.
lpass show --password "$name"
Declare 'lpass' as a required binary and provide setup guidance that directs users to a trusted installation source.

Passwords or notes may become visible to the agent and potentially to logs or downstream automation depending on the host environment.
The command prints the retrieved secret to stdout, meaning the secret can be returned into the agent workflow or conversation context.
lpass show --password "$name"
Use the skill only for specific approved entries, avoid retrieving notes/raw data unless necessary, and ensure the agent environment redacts or avoids retaining secrets.
