ClawHub

rbw-bitwarden

v1.0.0

Unofficial Bitwarden CLI written in Rust. Manage passwords, TOTP codes, and secure notes from the terminal with a background agent for stateful sessions.

0· 80·0 current·0 all-time
byGuanM@sxhoio

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sxhoio/rbw-bitwarden.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "rbw-bitwarden" (sxhoio/rbw-bitwarden) from ClawHub.
Skill page: https://clawhub.ai/sxhoio/rbw-bitwarden
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install rbw-bitwarden

ClawHub CLI

Package manager switcher

npx clawhub@latest install rbw-bitwarden
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Bitwarden CLI) match the SKILL.md content: commands, configuration keys, device registration, SSH/clipboard integration and pinentry usage are all relevant to a CLI password manager.
Instruction Scope
SKILL.md only instructs the agent/user how to install, configure, and run rbw. It references expected environment variables and paths (RBW_PROFILE, XDG_RUNTIME_DIR, SSH_AUTH_SOCK, $VISUAL/$EDITOR, pinentry) that are necessary for the described features. There are no instructions to read unrelated system files, exfiltrate data, or contact unexpected endpoints.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be written or downloaded by the skill itself. Installation guidance points to normal distro/package managers and cargo, which is proportionate for this tool.
Credentials
The skill does not require any declared environment variables or credentials. The environment variables and paths mentioned in the docs (RBW_PROFILE, XDG_RUNTIME_DIR, SSH_AUTH_SOCK, $VISUAL/$EDITOR) are standard and justified by the described functionality (profiles, SSH integration, editor for adding/editing entries, pinentry for prompts).
Persistence & Privilege
always is false and the skill does not request system-wide persistence or modify other skills. Autonomous invocation is allowed (platform default) but the skill's instructions themselves do not request elevated or persistent privileges.
Assessment
This skill is an instruction-only wrapper describing how to use the rbw CLI; it does not install or ship code itself. Before using rbw: install the rbw binary from a trusted source (your distro package manager, Homebrew, or the project's official releases) and verify signatures where available. When registering a device you will provide your Bitwarden personal API key — only enter that on Bitwarden's official pages or when you trust the client binary. Be aware that using clipboard copy, SSH agent integration, or leaving the agent unlocked exposes secrets to the local environment (clipboard managers, SSH sessions); configure lock_timeout and profiles appropriately. Note: registry metadata showed no homepage while SKILL.md references the upstream repo (https://github.com/doy/rbw); this is a minor metadata inconsistency but does not affect the instructions. If you need higher assurance, inspect the actual rbw binary/package source before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cye0tg5s1mmdherq2y722qs84v96k
80downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
GuanM@sxhoio
latest
Download

rbw — Unofficial Bitwarden CLI

rbw is a command-line client for Bitwarden that uses a background agent (rbw-agent) to maintain state in memory, avoiding the need to manually pass session keys around in environment variables.

Prerequisites

  • rbw installed (rbw --version to verify)
  • pinentry installed (required for password/2FA prompts)

Installation

# Arch Linux
sudo pacman -S rbw

# Debian/Ubuntu
sudo apt install rbw

# Fedora/RHEL
sudo dnf install rbw

# macOS
brew install rbw

# Cargo (requires pinentry)
cargo install --locked rbw

Configuration

Set options via rbw config. Available keys:

KeyDescriptionDefault
emailBitwarden account emailRequired
base_urlBitwarden API server URLhttps://api.bitwarden.com/
identity_urlIdentity server URLInferred from base_url or https://identity.bitwarden.com/
ui_urlVault web UI URLhttps://vault.bitwarden.com/
notifications_urlNotifications server URLInferred from base_url or https://notifications.bitwarden.com/
lock_timeoutSeconds to keep master keys in memory3600
sync_intervalAuto-sync interval in seconds (0 to disable)3600
pinentryPath to pinentry executablepinentry
sso_idSSO organization IDNone (regular login)

Example Setup

rbw config set email your@email.com
rbw config set base_url https://api.bitwarden.com/
rbw config set lock_timeout 3600

Profiles

Use RBW_PROFILE to switch between multiple vaults (work/personal). Each profile uses separate config, local database, and agent.

RBW_PROFILE=work rbw config set email work@company.com
RBW_PROFILE=work rbw login
RBW_PROFILE=work rbw list

View current config:

rbw config show

First-Time Setup (Official Bitwarden Server)

The official server may flag CLI traffic as bot activity. You must register the device first using your personal API key before normal password logins work.

  1. Get your personal API key from: https://bitwarden.com/help/article/personal-api-key/
  2. Register the device:
rbw register
# Enter email, then personal API key (not master password)
  1. Log in and sync:
rbw login      # Now prompts for master password
rbw sync

Daily Workflow

Most commands auto-trigger the necessary unlock/login steps. You typically don't need to run unlock or login manually before every command.

Check Status

rbw unlocked   # Exit 0 if unlocked
rbw login      # Log in if not already
rbw unlock     # Unlock the local vault
rbw sync       # Sync local database with server

List Entries

rbw list                    # Default: show names
rbw list --fields name,user # Show name + username, tab-separated
rbw list --fields id,name,user,folder

Search Entries

rbw search github
rbw search "my bank" --folder Finance

Get Password / Entry Details

# Get password for an entry (matches name, URI, or UUID)
rbw get github
rbw get github myusername

# Get a specific custom field
rbw get github --field "API Token"

# Get full details (password + notes)
rbw get github --full

# Output as JSON
rbw get github --raw

# Copy to clipboard
rbw get github --clipboard

# Case-insensitive match
rbw get GitHub -i

Get TOTP Code

rbw code github
rbw totp github --clipboard

Add a New Entry

rbw add opens $VISUAL or $EDITOR. The first line of the file becomes the password; everything after becomes the note.

rbw add "My Service" myusername --uri https://example.com --folder Personal

Generate a Password

# Generate only
rbw generate 20

# Generate and save
rbw generate 20 "My Service" myusername --uri https://example.com

# No symbols
rbw generate 16 --no-symbols

# Numbers only
rbw generate 6 --only-numbers

# Avoid visually similar characters
rbw generate 20 --nonconfusables

# Diceware passphrase (LEN = number of words)
rbw generate 5 --diceware

Edit an Entry

Opens the entry in $EDITOR. First line = password, rest = notes.

rbw edit "My Service"
rbw edit "My Service" myusername --folder Personal

Remove an Entry

rbw remove "My Service"
rbw rm "My Service" myusername

View Password History

rbw history "My Service"

Lock / Purge

rbw lock           # Lock the vault (keep agent running)
rbw purge          # Remove local database (log out)
rbw stop-agent     # Kill the background agent

SSH Agent Integration

rbw-agent can act as an SSH agent for signing challenges with keys stored in Bitwarden.

rbw unlock
export SSH_AUTH_SOCK="${XDG_RUNTIME_DIR}/rbw/ssh-agent-socket"
# If using a profile: ${XDG_RUNTIME_DIR}/rbw-<profile>/ssh-agent-socket
ssh git@github.com

Hermes Integration Notes

  • rbw may prompt for master password or 2FA via pinentry. In non-interactive contexts, ensure the agent is already unlocked (rbw unlocked) or use PTY mode for prompts.
  • Use --raw for JSON output when parsing programmatically.
  • Use --clipboard to copy secrets without printing them to stdout.
  • Commands auto-cascade: rbw get will call rbw unlock if needed; rbw sync will call rbw login if needed.

2FA Support

Supported:

  • Email
  • Authenticator App (TOTP)
  • Yubico OTP

Unsupported: WebAuthn / Passkey / Duo. If your account relies only on unsupported methods, add a supported 2FA method to use rbw.

Tips

  • rbw ls is an alias for rbw list
  • rbw gen is an alias for rbw generate
  • rbw rm is an alias for rbw remove
  • rbw totp is an alias for rbw code
  • Use rbw get <uuid> to target an exact entry by UUID

Comments

Loading comments...