Bitwarden
v1.0.0Access and manage Bitwarden/Vaultwarden passwords securely using the rbw CLI.
⭐ 4· 4.4k·41 current·41 all-time
byAsleep@asleep123
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description and runtime instructions align: the skill operates exclusively through the rbw CLI and declares rbw as the required binary. There are no unrelated requested binaries, env vars, or install steps.
Instruction Scope
SKILL.md instructs the agent to run rbw commands (login, unlock, list, get, add, sync) and to use tmux/pinentry-curses if interactive prompts are needed. It does not tell the agent to read other system files or unrelated environment variables. One ambiguous phrase—"rbw caches the session key in the agent"—should be clarified: the agent will handle interactive secrets (master password/2FA) and may hold session tokens for the CLI, which is expected but sensitive.
Install Mechanism
Instruction-only skill with no install spec and no external downloads — lowest-risk installation behavior. It relies on a preinstalled rbw binary (expected for this purpose).
Credentials
The skill declares no required env vars. The instructions mention common supporting envs/tools (EDITOR, pinentry provider) which are appropriate for interacting with rbw but are not declared as required. No unrelated credentials or config paths are requested.
Persistence & Privilege
always:false (normal). The skill can be invoked autonomously by the agent (platform default). Because it enables access to a local password vault, autonomous invocation increases risk — consider whether you want the agent to access secrets without explicit user confirmation each time.
Assessment
This skill is coherent: it simply tells the agent to run the rbw CLI to manage your Bitwarden/Vaultwarden vault. Before enabling it, confirm you have a trusted rbw binary installed and understand that the agent will prompt for (and may temporarily hold) your master password, 2FA, and session tokens. If you prefer tighter control, only allow this skill to run when you explicitly invoke it (avoid enabling autonomous invocation for sensitive workflows), and verify the agent's storage/rotation policy for cached session keys. Finally, if you see the skill request additional environment variables or installation steps later, treat that as a red flag and re-evaluate.Like a lobster shell, security has layers — review code before you run it.
latestvk97d9zdvmh9jmspvyk40sf14p17zgxa6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔒 Clawdis
OSLinux · macOS
Binsrbw