Bitwarden Vault CLI
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a coherent Bitwarden CLI helper, but using it means the agent can access vault secrets while your Bitwarden session is unlocked.
Install only if you want the agent to help operate Bitwarden CLI. Keep requests specific, do not let the agent print secrets unnecessarily, and lock or log out of Bitwarden after the task is complete.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
While authenticated and unlocked, the agent may be able to read passwords, secure notes, TOTP codes, and other secrets from the Bitwarden vault.
The skill openly requests access to highly sensitive vault contents. This is central to the stated Bitwarden purpose, but users should understand the permission boundary.
The Bitwarden command-line interface (CLI) provides full access to your Bitwarden vault for retrieving passwords, secure notes, and other secrets programmatically.
Use the skill only for specific, intentional vault lookups; lock or log out of Bitwarden when finished and avoid leaving an unlocked session unattended.
If the agent is asked to run these commands, it could enumerate vault entries or change stored credentials.
The examples document broad Bitwarden CLI operations, including listing vault contents and modifying vault items. They are presented as examples, not automatic instructions.
bw list items ... bw create item ... bw edit item <item-id>
Review any command that lists many items or changes vault entries, and require explicit approval before creating or editing secrets.
A preserved unlocked session may allow further vault access until it is explicitly locked or logged out.
The tmux workflow intentionally preserves the Bitwarden session key across commands. This is disclosed and useful for the CLI workflow, but it keeps access available until the vault is locked or logged out.
Always run `bw` commands inside a dedicated tmux session... Session keys remain valid until you run `bw lock` or `bw logout`.
Run `bw lock` or `bw logout` after use, and avoid keeping long-lived tmux sessions unlocked.