Bitwarden

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Bitwarden CLI helper, but installing it means the agent may handle password-vault data when you ask it to.

Install this only if you want the agent to operate Bitwarden CLI for specific tasks. Prefer narrow lookups over broad vault listing, do not share captured command output, review any optional Docker/scripts before running them, and lock Bitwarden plus kill the tmux session when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The workflow and tmux example include commands like `bw list items --search ...` and pane capture that can reveal vault item metadata or secrets in terminal output, increasing the risk of accidental disclosure through logs, transcripts, screen capture, or agent output. Although the guardrails say not to paste secrets into logs or chat, the example does not give an explicit warning immediately where disclosure occurs, so users may run it verbatim and expose sensitive data.

Missing User Warnings

Low

Confidence: 95% confidence
Finding: The documentation publishes example credentials and an admin token without placing a strong, immediate warning that they are disposable local test values only. This can normalize insecure practices, lead to accidental reuse in real environments, or cause confusion if copied into shared or persistent systems.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal