Bitwarden Vault CLI
v1.0.0
Set up and use Bitwarden CLI (bw). Use when installing the CLI, authenticating (login/unlock), or reading secrets from your vault. Supports email/password, API key, and SSO authentication methods.
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, required binary (bw), and install spec (homebrew/npm/choco/snap/native) all match the stated goal of providing Bitwarden CLI usage. There are no unrelated binaries, credentials, or config paths requested that don't belong to a password-manager CLI skill.
Instruction Scope
SKILL.md contains explicit runtime instructions to create a tmux session, run bw login/unlock, export BW_SESSION, and use bw get/list commands to read secrets. Those steps are coherent for a CLI-first Bitwarden workflow. The instructions also encourage piping secrets into environment variables and other commands — this is expected for automation but increases risk of accidental exposure. The file references environment variables (BW_SESSION, BW_CLIENTID, BW_CLIENTSECRET, BITWARDENCLI_APPDATA_DIR) even though the registry 'requires.env' is empty; this is normal (they are standard Bitwarden variables) but worth noting.
Install Mechanism
Install options are standard package sources (Homebrew formula, npm package @bitwarden/cli, Chocolatey, snap, and direct binaries). No arbitrary or shortened URLs or extracted archives from unknown hosts are used in the provided install metadata. npm/global installs carry the usual supply-chain caveats but are expected for this tool.
Credentials
The skill does not request platform credentials or secrets itself (requires.env is empty), but the runtime instructions require and show how to export sensitive values (BW_SESSION, BW_CLIENTID, BW_CLIENTSECRET) and how to pull vault secrets into process environment variables (e.g., exporting AWS keys). That behavior is intrinsic to a secrets-management skill but is sensitive: exporting session tokens or secrets into shell environment increases the attack surface (other processes, logs, shell history).
Persistence & Privilege
Skill does not request always:true and does not attempt to modify other skills or system-wide agent settings. It's instruction-only and has no persistent installation behavior beyond installing the expected bw binary via normal package managers.
Assessment
This skill appears to do what it says (help you install and use the Bitwarden CLI). Before installing or using it:
1) Verify the bw binary you install is the official Bitwarden client (use Homebrew, the official npm package @bitwarden/cli, Chocolatey, snap, or official downloads) and check signatures/URLs where possible.
2) Be cautious exporting BW_SESSION or vault secrets into long-lived shells or files — any process that shares the session or the environment can read those values. Prefer transient, short-lived sessions and run bw commands in isolated shells or ephemeral processes; run bw lock or bw logout when finished.
3) Avoid writing secrets to disk or logs; if automation requires secrets as env vars, scope their lifetime and revoke or re-lock afterward.
4) When using npm/global installs, ensure your node environment and package sources are trusted.
5) If you will allow an autonomous agent to use this skill, explicitly decide whether you want the agent to access your vault and consider limiting its access (create limited API keys or separate vault items).
Like a lobster shell, security has layers — review code before you run it.
latest vk9767rfmss4jdxez0hh3w04q7h801y4r
Runtime requirements
🔒 Clawdis
Bins: bw
Install
Install Bitwarden CLI (brew)
Bins: bw
brew install bitwarden-cli