v0.1.0

Bitwarden

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:13 AM.

Analysis

This Bitwarden skill is purpose-aligned but gives the agent broad access to a password vault and persistent session handling, so it should be reviewed carefully before installation.

Guidance: Install only if you are comfortable letting the agent use Bitwarden CLI. Before use, require explicit approval for each secret, avoid broad vault listings, do not let secrets be pasted into chat or logs, and confirm the vault is locked and the tmux session is killed afterward.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High, Confidence: High, Status: Concern
SKILL.md
| `bw list items` | List all items | ... | `bw get password <id-or-name>` | Get just the password | ... | `bw get totp <id-or-name>` | Get TOTP code |

The documented CLI authority includes bulk vault enumeration and direct retrieval of passwords and TOTP codes, without clear scoping to a user-approved item.

User impact: A mistaken or overbroad invocation could expose many vault entries or enable access to accounts protected by passwords and TOTP.
Recommendation: Require an exact user-specified item name or ID before retrieving secrets, avoid bulk `bw list items` output, and redact or summarize non-secret metadata whenever possible.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: Medium, Status: Note
SKILL.md
`references/get-started.md` ... `references/cli-examples.md` ... `./scripts/setup-test-account.sh` ... `./scripts/test-skill-workflow.sh`

The skill references supporting files and scripts, but the provided manifest contains only SKILL.md, so those helpers are not available for review here.

User impact: Optional testing instructions may not work as written, and any separately obtained scripts should not be trusted automatically.
Recommendation: Include referenced files in the package or remove the instructions; users should not run missing or separately sourced scripts without reviewing them.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High, Confidence: High, Status: Concern
SKILL.md
If not logged in: `bw login` (stores API key, prompts for master password). ... Unlock vault inside tmux: `bw unlock` (outputs session key). ... Export session key: `export BW_SESSION="<key>"`.

The skill asks the agent to handle Bitwarden account authentication and an unlocked vault session, but the registry metadata declares no primary credential or environment variable contract.

User impact: If installed and invoked, the agent may be able to access the user's Bitwarden vault session and retrieve stored credentials.
Recommendation: Only use this skill with explicit user approval for each vault item, declare the credential/session requirements in metadata, and ensure BW_SESSION is cleared and the vault is locked after use.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
To persist the session across commands, always run `bw` inside a dedicated tmux session. ... `tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200`

The skill intentionally persists an authenticated Bitwarden session in tmux and captures command output, which can bring vault data into the agent context or leave it in terminal scrollback until cleanup.

User impact: Secrets or vault metadata could remain visible in the tmux session, scrollback, or agent transcript if outputs are captured or cleanup is missed.
Recommendation: Avoid capturing secret-bearing command output, clear tmux scrollback, kill the session, unset BW_SESSION, and run `bw lock` immediately after the approved task.