ClawHub

Bitwarden Bw

v1.0.0

Access and manage Bitwarden passwords securely using the official bw CLI.

0· 424·1 current·1 all-time
byzu@yorha59
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the required binary (bw). All primary actions in SKILL.md are bw CLI commands; requiring the bw binary is appropriate and proportional.
!
Instruction Scope
The SKILL.md explicitly expects a BW_SESSION environment variable and suggests persisting it in ~/.zshrc, but requires.env lists no environment variables. Instructions reference running bw and piping output to a local python command — expected — but the undeclared use of BW_SESSION and guidance to store a session in a shell RC file is a scope/information handling inconsistency that should be clarified.
Install Mechanism
Instruction-only skill; no install spec. The README/local guidance suggests installing the official CLI via npm (npm install -g @bitwarden/cli), which is a normal, low-risk recommendation (no arbitrary downloads or extraction).
Credentials
Access to a Bitwarden session (BW_SESSION) is proportionate to the skill's purpose. However, the session token is sensitive and the skill fails to declare it as a required env var. The SKILL.md also recommends persisting the session in ~/.zshrc, which can expose credentials if not handled carefully.
Persistence & Privilege
always is false and the skill does not request system-wide changes or modify other skills' configs. Model invocation is allowed (the platform default); combined with access to secrets this increases risk but is expected for a password-management skill.
Assessment
This skill appears to do what it says: it runs the official Bitwarden CLI (bw) to read and manage vault items. Before installing, confirm you have bw installed and that you understand the implication: the agent will need access to your BW_SESSION (a live Bitwarden session token) to operate and any commands it runs can read your vault entries. Ask the publisher to update metadata to declare BW_SESSION as a required credential so you can review it explicitly. Avoid storing BW_SESSION permanently in plain text (e.g., ~/.zshrc) if possible — prefer ephemeral sessions, manually run bw login/unlock when needed, or use short-lived session tokens. Only enable this skill if you trust the agent to handle sensitive data, and consider limiting autonomous invocation or testing in a restricted account/vault first.

Like a lobster shell, security has layers — review code before you run it.

latestvk9794rbkrb4803km09pdt8h0fd81pkfx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔒 Clawdis
OSLinux · macOS
Binsbw

Comments