Twhidden Bitwarden
v1.0.5Bitwarden & Vaultwarden password manager integration. Use when storing, retrieving, generating, or managing passwords and credentials. Wraps the Bitwarden CL...
⭐ 2· 713·2 current·2 all-time
byTravis Whidden@twhidden
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Bitwarden/Vaultwarden CLI wrapper) match the script and SKILL.md. The required binaries (bw, openssl, curl) and required env vars (BW_SERVER, BW_EMAIL, BW_MASTER_PASSWORD) are appropriate for a CLI wrapper that logs in, registers accounts, and talks to a Bitwarden-compatible server.
Instruction Scope
The SKILL.md and bw.sh stay within the stated purpose: they log in, generate passwords, create/list/edit items, and (optionally) register accounts via the configured BW_SERVER. Minor implementation notes: the script parses JSON with grep/regex (fragile but expected for a bash-only tool) and implements registration using openssl and curl as described. The instructions and script reference CREDS_FILE and OPENCLAW_WORKSPACE as optional configuration sources; these optional env vars are reasonable but are not included in the top-level requires.env declaration in the registry metadata (see environment_proportionality).
Install Mechanism
This is instruction-only plus a bundled bash script (bw.sh). There is no remote download/install step in the skill metadata that would pull and execute arbitrary code at install time, so installation mechanism risk is low. The script does require the user to install the Bitwarden CLI separately (npm install -g @bitwarden/cli).
Credentials
The skill requires BW_SERVER, BW_EMAIL, and BW_MASTER_PASSWORD — these are highly sensitive but proportionate for an automated login to a Bitwarden/Vaultwarden instance. The script also reads optional CREDS_FILE and OPENCLAW_WORKSPACE environment variables (to locate a credentials file); those optional vars are not listed in the registry's top-level requires.env. The skill writes a session token to /tmp/.bw_session (with chmod 600), which is expected behavior but worth noting because it creates a local artifact containing an authentication token.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or system-wide agent settings. It caches a session token in /tmp/.bw_session and removes it on lock/logout, which is standard behavior for a CLI wrapper. Autonomous invocation is allowed by default (platform behavior) — consider policy if you want manual approval for password operations.
Assessment
This skill appears to do what it says: wrap the Bitwarden CLI and manage a Bitwarden/Vaultwarden account. Before installing, consider the following: 1) You will need to provide your master password (BW_MASTER_PASSWORD) — this is necessary but highly sensitive; prefer a dedicated account or minimize exposure time. 2) The script can read a credentials file (CREDS_FILE) in your OpenClaw workspace; ensure that file is protected (chmod 600) and not committed to source control. 3) The script writes a session token to /tmp/.bw_session; the script sets restrictive permissions, but you should verify your environment's /tmp policies. 4) If you want human approval before the agent stores or retrieves passwords, limit autonomous invocation via your OpenClaw tool policy. 5) If you have concerns about the packaged code, review bw.sh yourself (it's included) or obtain the skill from a trusted origin (verify the GitHub/homepage and commit history).Like a lobster shell, security has layers — review code before you run it.
bitwardenvk9765zjhafmxxz06a56n839kp981dzx1latestvk977qbvefrnx0sn00k0g3w7s5s81egsfpassword-managervk9765zjhafmxxz06a56n839kp981dzx1securityvk9765zjhafmxxz06a56n839kp981dzx1vaultwardenvk9765zjhafmxxz06a56n839kp981dzx1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔐 Clawdis
Binsbw, openssl, curl
EnvBW_SERVER, BW_EMAIL, BW_MASTER_PASSWORD