Bitwarden CLI

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This Bitwarden helper looks legitimate, but it should be reviewed because it can let the agent read your password vault and keep an unlocked session until you lock it.

Install only if you intentionally want the agent to use Bitwarden CLI. Authenticate only when needed, ask it to retrieve specific named items, avoid broad vault listings or edits unless you confirm them, and always lock or log out of Bitwarden and close the tmux session afterward.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent is unlocked into your vault, it may be able to retrieve passwords, TOTP codes, secure notes, and other secrets beyond the single item you intended.

Why it was flagged

The skill's own description states that the agent can use an unlocked Bitwarden session to read highly sensitive vault contents. The behavior matches the skill purpose, but nothing in the artifacts narrows access to specific user-approved items: once the session is unlocked, every item in the vault is reachable.

Skill content
provides full access to your Bitwarden vault for retrieving passwords, secure notes, and other secrets programmatically
Recommendation

Only use this skill for explicit, user-requested vault items. Avoid broad listing or full-item retrieval unless necessary, and consider a separate vault/account or least-privilege workflow for agent use.

What this means

A mistaken or overbroad instruction could list many vault items or modify stored credentials.

Why it was flagged

The reference documents broad enumeration and vault mutation commands. These appear to be examples rather than automatic behavior, but they are high-impact operations on sensitive account data.

Skill content
bw list items ... bw create item ... bw edit item <item-id>
Recommendation

Require explicit confirmation before running list-all, create, or edit commands, and verify the target item ID/name before any mutation.

Note

High Confidence
ASI10: Rogue Agents
What this means

If the tmux session is left open, later commands in that session may still access the unlocked vault.

Why it was flagged

The skill intentionally keeps BW_SESSION available across commands. This is disclosed and useful, but it extends the lifetime of decrypted vault access until the vault is locked or logged out.

Skill content
Always run `bw` commands inside a dedicated tmux session ... A tmux session preserves this environment variable across commands.
Recommendation

Run `bw lock` or `bw logout` when finished, and close the tmux session if the agent no longer needs vault access.

What this means

Installing from an unexpected package source could introduce a compromised CLI.

Why it was flagged

The skill documents standard global package-manager installs for the Bitwarden CLI. This is expected for the purpose, but versions are not pinned and users should ensure the source is official.

Skill content
npm install -g @bitwarden/cli ... brew install bitwarden-cli ... choco install bitwarden-cli ... sudo snap install bw
Recommendation

Install Bitwarden CLI from official Bitwarden-recommended package sources and verify the installed `bw` binary before authenticating.
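The four recommendations above (retrieve only named items, confirm enumeration and mutation, keep the session key short-lived instead of parking it in tmux, and check the `bw` binary before authenticating) can be enforced from one small wrapper. The script below is an added example and is not part of the audited skill or of Bitwarden's own tooling. The `bw` subcommands and the `--session`, `--nointeraction` and `--raw` options are real CLI features; the policy verdicts, the `BW_AGENT_CONFIRM` variable and the list of acceptable install paths are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the skill or from Bitwarden): a wrapper that narrows
# what an agent may do with an unlocked vault. The bw subcommands and the
# --session / --nointeraction / --raw options are real; the policy names, the
# BW_AGENT_CONFIRM variable and the install paths below are assumptions.
set -eu

# Classify a bw invocation. Single-item reads are allowed, enumeration and
# mutation need user confirmation, anything else (export, serve, ...) is denied.
bw_policy() {
  verb="${1:-}"; noun="${2:-}"
  case "$verb $noun" in
    "get item"|"get password"|"get username"|"get totp"|"get notes") echo allow ;;
    "list items")
      # listing is tolerated only when narrowed with --search <term>
      case " $* " in *" --search "*) echo allow ;; *) echo confirm ;; esac ;;
    "list "*) echo confirm ;;
    "create item"|"edit item"|"delete item"|"restore item") echo confirm ;;
    "lock "|"logout "|"status "|"sync ") echo allow ;;
    *) echo deny ;;
  esac
}

# Return 0 when the invocation may proceed. Confirmation must be set in the
# user's own shell (BW_AGENT_CONFIRM=yes), not supplied by the agent's prompt.
bw_gate() {
  case "$(bw_policy "$@")" in
    allow)   return 0 ;;
    confirm) [ "${BW_AGENT_CONFIRM:-}" = "yes" ] ;;
    *)       return 1 ;;
  esac
}

# Finding 4: check where bw resolves from before typing a master password into
# it. The accepted locations are assumptions for a typical install.
bw_check_binary() {
  path=$(command -v bw) || { echo "bw not installed" >&2; return 1; }
  case "$path" in
    /usr/local/bin/bw|/opt/homebrew/bin/bw|/snap/bin/bw|"$HOME/.npm-global/bin/bw") ;;
    *) echo "refusing unexpected bw location: $path" >&2; return 1 ;;
  esac
  bw --version
}

# Findings 1-3: run one bw command with the session key passed per call, never
# exported into a long-lived tmux environment, and lock the vault on exit.
bw_run() {
  bw_gate "$@" || { echo "refused: bw $*" >&2; return 1; }
  bw "$@" --session "$BW_SESSION" --nointeraction
}

main() {
  bw_check_binary
  BW_SESSION=$(bw unlock --raw)          # prompts for the master password
  trap 'bw lock >/dev/null 2>&1 || true' EXIT
  bw_run get password "$1"               # exact item name or id chosen by the user
}

# Only act when the user names an item; sourcing the file just loads the policy.
if [ $# -gt 0 ]; then main "$@"; fi
```

Usage: `./bw-agent.sh "VPN login"` unlocks, fetches one password, and locks again on exit; `BW_AGENT_CONFIRM=yes ./bw-agent.sh ...` is the only way an enumeration or mutation passes the gate, and that variable is set by the user in their own shell rather than by the agent. Because the key is passed with `--session` on each call and never exported, nothing survives in the tmux environment once the script returns. `bw get` refuses a search term that matches more than one item, so an ambiguous name fails closed instead of returning the wrong secret.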