ClawHub

bitclawden

v1.0.1

Look up, create, and edit credentials in Bitwarden vault via the bw CLI. Use when asked to store, retrieve, find, or manage passwords, secrets, or credentials.

0· 406·0 current·0 all-time
byAdam Malone@typhonius
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Bitwarden CLI management) match the declared requirements: bw and jq binaries and a Bitwarden session token (BW_SESSION). These are exactly what a CLI-based Bitwarden skill needs.
Instruction Scope
SKILL.md only instructs the agent to run bw/jq commands, check vault status, require unlocking and a BW_SESSION, sync after changes, and avoid leaking secrets. It does not ask for unrelated files, credentials, or exfiltration steps.
Install Mechanism
Skill is instruction-only in the registry, but the SKILL.md metadata includes an optional install script that downloads the bw CLI from https://vault.bitwarden.com/download/?app=cli and unzips it to ~/.local/bin. The source is the official Bitwarden domain (low risk), but there is a small inconsistency between 'No install spec' in the registry metadata and the embedded install script in SKILL.md.
Credentials
Only BW_SESSION is required (declared as primaryEnv). No unrelated secrets or multiple credentials are requested; this is proportional to the skill's function.
Persistence & Privilege
always is false and the skill does not request system-wide changes or other skills' credentials. It does propose writing a binary to ~/.local/bin only if its optional install script is used (local scope).
Assessment
This skill appears coherent for managing Bitwarden via the bw CLI, but review these points before installing: - Confirm you have bw and jq installed (or be prepared to run the provided install script) and that ~/.local/bin is an acceptable install location. - The install script fetches from vault.bitwarden.com (official); still verify network policy and inspect the script if you have strict supply-chain rules. - BW_SESSION is a live session token: treat it as a secret. Prefer short-lived sessions and avoid committing it to files or global environment variables. - The skill’s guardrails say passwords should only be revealed on explicit request; be mindful of prompts and what the agent returns to chat or logs. - Note the minor inconsistency: registry metadata listed no install spec while SKILL.md contains an install script — ask the publisher which install flow they expect if this matters to you. If you accept those conditions, the skill is internally consistent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk979m9evh7ng4gsxx86c4y3f3x81n87m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔐 Clawdis
Binsbw, jq
EnvBW_SESSION
Primary envBW_SESSION

Comments