ClawHub

Bitwarden Vault CLI

Security checks across malware telemetry and agentic risk

Overview

This is a Bitwarden CLI helper whose sensitive vault access is expected and disclosed, but users should be careful with exported session tokens and downloaded secrets.

Install this only if you want your agent to operate Bitwarden CLI for specific vault tasks. Keep requests narrow, do not allow secrets to be printed or logged, avoid storing exported tokens in shell profiles or CI logs, lock or log out when finished, and clean up any files created from vault attachments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
These examples place secrets directly into environment variables without warning that environment data can leak through subprocess inheritance, shell history patterns, debugging output, crash reports, or process inspection in some contexts. In a secrets-management skill, this is more dangerous because users are likely to copy-paste the pattern into real workflows handling production credentials.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The attachment example writes potentially sensitive material directly to disk without warning about residual local exposure, including insecure permissions, backup/sync leakage, and accidental retention. In the context of a Bitwarden skill, users may reasonably assume examples are safe defaults, so omission of handling guidance increases the risk of credential or certificate compromise.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide instructs users to export Bitwarden API credentials and a raw session token into shell environment variables without warning that these values may be exposed through shell history, process environments, terminal scrollback, shared sessions, or CI logs. In a credential-management skill, that omission is materially risky because the exposed values directly enable vault access or authentication flows.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The tmux guidance encourages preserving an authenticated Bitwarden session and exported BW_SESSION token across a long-lived multiplexed shell, but it does not warn that detached tmux sessions can remain accessible to the same host user, administrators, backups, or anyone who later attaches to that session. Because this skill handles password-vault access, extending token lifetime and accessibility increases the chance of unauthorized secret retrieval.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal