← Back to Skills Marketplace
gnarco

Dashlane

by gnarco · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
2100
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install dashlane
Description
Access passwords, secure notes, secrets and OTP codes from Dashlane vault.
README (SKILL.md)

Dashlane CLI

Access your Dashlane vault from the command line. Read-only access to passwords, secure notes, secrets and OTP codes.

Installation

brew install dashlane/tap/dashlane-cli

Authentication

First sync to trigger authentication:

dcli sync

Steps:

  1. Enter your Dashlane email
  2. ⚠️ IMPORTANT: Open the URL shown in your browser (device registration)
  3. Enter the code received by email
  4. Enter your Master Password

Check current account:

dcli accounts whoami

Get a Password

# Search by URL or title (copies password to clipboard by default)
dcli p mywebsite
dcli password mywebsite

# Get specific field
dcli p mywebsite -f login      # Username/login
dcli p mywebsite -f email      # Email
dcli p mywebsite -f otp        # TOTP 2FA code
dcli p mywebsite -f password   # Password (default)

# Output formats
dcli p mywebsite -o clipboard  # Copy to clipboard (default)
dcli p mywebsite -o console    # Print to stdout
dcli p mywebsite -o json       # Full JSON output (all matches)

# Search by specific fields
dcli p url=example.com
dcli p title=MyBank
dcli p id=xxxxxx               # By vault ID
dcli p url=site1 title=site2   # Multiple filters (OR)

Get a Secure Note

dcli note [filters]
dcli n [filters]               # Shorthand

# Filter by title (default)
dcli n my-note
dcli n title=api-keys

# Output formats: text (default), json
dcli n my-note -o json

Get a Secret

Dashlane secrets are a dedicated content type for sensitive data.

dcli secret [filters]

# Filter by title (default)
dcli secret api_keys
dcli secret title=api_keys -o json

Other Commands

# Sync vault manually (auto-sync every hour by default)
dcli sync

# Lock the vault (requires master password to unlock)
dcli lock

# Logout completely
dcli logout

# Backup vault to current directory
dcli backup
dcli backup --directory /path/to/backup

Configuration

# Save master password in OS keychain (default: true)
dcli configure save-master-password true

# Disable auto-sync
dcli configure disable-auto-sync true

# Enable biometrics unlock (macOS only)
dcli configure user-presence --method biometrics

# Disable user presence check
dcli configure user-presence --method none

Persistence by Platform

macOS

Master password is stored in the Keychain by default. Survives reboots.

dcli configure save-master-password true

Linux (server/headless)

No native keychain. Options:

  1. Environment variable (less secure, but simple): 
    export DASHLANE_MASTER_PASSWORD="..."
  2. Local encrypted file: save-master-password true stores in ~/.local/share/dcli/
  3. External secret manager (Vault, AWS Secrets, etc.) to inject the variable

Docker / CI

Use the DASHLANE_MASTER_PASSWORD environment variable passed to the container.

docker run -e DASHLANE_MASTER_PASSWORD="..." myimage

SSO / Passwordless

Not supported by dcli yet — requires a classic master password.

Advanced: Inject Secrets

# Inject secrets into environment variables
dcli exec -- mycommand

# Inject into templated files
dcli inject \x3C template.txt > output.txt

# Read secret by path
dcli read "dl://vault/secret-id"

Examples

Get OTP for 2FA

dcli p github -f otp
# Returns: 123456 (25s remaining)

SSH Keys from Vault

Store private key in a secure note, then:

dcli n SSH_KEY | ssh-add -

Scripting

# Get password for a script
PASSWORD=$(dcli p myservice -o console)

# Get JSON and parse with jq
dcli p myservice -o json | jq -r '.[0].password'

Troubleshooting

  • Locked? Run dcli sync to unlock
  • SSO users: Need Chrome installed + visual interface
  • Password-less: Not supported yet
  • Debug mode: dcli --debug \x3Ccommand>

Docs: https://cli.dashlane.com

Usage Guidance
This skill appears to be an instruction-only wrapper for the official Dashlane CLI, but the registry metadata is incomplete and the instructions include risky, persistent operations. Before installing or using: (1) confirm you trust the skill owner and the brew formula at the official Dashlane CLI site (https://cli.dashlane.com); (2) do not export your master password into environment variables or enable 'save-master-password' unless you understand the system-wide consequences; (3) avoid running backup or 'dcli configure' commands that persist secrets unless you intend to create local copies; (4) prefer using ephemeral console output or direct clipboard copies rather than injecting secrets into processes/files; (5) ask the skill maintainer to update the manifest to declare the required binary ('dcli') and any environment variables so the metadata matches the runtime instructions. If you lack confidence, test in an isolated environment or decline installation.
Capability Analysis
Type: OpenClaw Skill Name: dashlane Version: 1.0.0 This skill bundle is classified as suspicious due to its exposure of high-risk capabilities that could be abused by a malicious prompt. Specifically, the `SKILL.md` file demonstrates the use of `dcli exec -- mycommand` which allows arbitrary command execution with secrets injected into environment variables, and `dcli n SSH_KEY | ssh-add -` which pipes a sensitive SSH private key directly into `ssh-add -`, enabling its immediate use. These features, while legitimate for the Dashlane CLI, grant significant power to the AI agent, posing a risk for data exfiltration or unauthorized command execution if the agent is compromised.
Capability Assessment
Purpose & Capability
The skill claims to provide Dashlane CLI access but the registry metadata lists no required binaries or environment variables. The SKILL.md explicitly requires the 'dcli' binary (and gives a brew install) and refers to the DASHLANE_MASTER_PASSWORD environment variable and local keychain storage. The manifest should declare these requirements; their absence is an incoherence between claimed purpose and declared requirements.
Instruction Scope
The instructions tell the agent to run dcli commands (sync, p, note, backup, logout, configure, exec, inject, read dl://) and to perform actions that persist secrets (backup to current directory, save master password to keychain or env, disable user-presence checks). These operations go beyond read-only display: they can write vault backups to disk, place the master password in environment variables, and configure the CLI to persist secrets — all of which increase exposure. The SKILL.md also instructs injecting secrets into processes/files which widens the risk surface.
Install Mechanism
There is no install spec in the skill bundle (instruction-only). The SKILL.md recommends installing via Homebrew (brew install dashlane/tap/dashlane-cli). That is a commonly used mechanism, but because the skill metadata did not declare 'dcli' as a required binary, the manifest and instructions are inconsistent.
Credentials
The manifest declares no required environment variables or primary credential, yet the instructions rely on DASHLANE_MASTER_PASSWORD (and describe saving it to the OS keychain or env vars). The skill also exposes commands that inject secrets into other processes or files. Requesting no credentials in metadata while instructing the use/persistence of a master password is disproportionate and misleading.
Persistence & Privilege
The skill does not request always:true and does not autonomously elevate itself, which is good. However the instructions encourage persistent changes to the host (saving master password in keychain or env, disabling user-presence checks, creating backups in directories such as the current working directory or ~/.local/share/dcli/). Those persistent behaviors increase risk if executed without careful review.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install dashlane
  3. After installation, invoke the skill by name or use /dashlane
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Dashlane 1.0.0 – Initial Release - Access passwords, secure notes, secrets, and OTP codes from your Dashlane vault via the command line. - Provides read-only vault access with commands to copy credentials, output them in various formats, and filter by multiple fields. - Supports master password management, keychain integration on macOS, sync, lock, and backup commands. - Enables secret injection for scripts, templated files, and CI environments. - Includes guidance for installation, authentication, platform-specific persistence, and troubleshooting.
Metadata
Slug dashlane
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Dashlane?

Access passwords, secure notes, secrets and OTP codes from Dashlane vault. It is an AI Agent Skill for Claude Code / OpenClaw, with 2100 downloads so far.

How do I install Dashlane?

Run "/install dashlane" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Dashlane free?

Yes, Dashlane is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Dashlane support?

Dashlane is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Dashlane?

It is built and maintained by gnarco (@gnarco); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments