← Back to Skills Marketplace
97
Downloads
0
Stars
1
Active Installs
23
Versions
Install in OpenClaw
/install safe-bitwarden-cli
Description
Industrial-grade secure bridge to Bitwarden. Copy passwords and TOTP codes with Zero-trust kernel-level piping.
Usage Guidance
This skill appears to do exactly what it claims: search your Bitwarden vault and pipe passwords or TOTP codes directly to your OS clipboard using the Bitwarden CLI. Before installing, verify the following: (1) The manifest and SKILL.md both require BW_SESSION — ensure you are comfortable exporting a Bitwarden session token into your environment and that you only export it in a secure shell session. (2) Inspect scripts/main.sh yourself (it's short and readable) to confirm there are no modifications to other config or network calls. (3) Understand clipboard risk: once a secret is copied, other local apps or utilities (clipboard history managers, remote desktop sessions, clipboard-monitoring malware) could read it — consider setting a clipboard-clear policy after use. (4) Confirm you have the bw CLI and an appropriate native clipper (pbcopy/clip/xclip/wl-copy) on the devices you plan to use. (5) Fix the registry metadata discrepancy (it should declare BW_SESSION). If you require higher assurance, run the script locally in an isolated environment and test the 'setup', 'search', and 'copy' flows before granting the skill to an agent.
Capability Analysis
Type: OpenClaw Skill
Name: safe-bitwarden-cli
Version: 1.6.0
The skill is a well-architected bridge for the Bitwarden CLI that prioritizes security through a 'password blindness' design. The core logic in `scripts/main.sh` avoids shell injection by eschewing `eval` and uses direct kernel-level piping to send passwords and TOTP codes from the `bw` binary to the system clipboard, ensuring sensitive data never enters the AI agent's context or logs. Search results are strictly filtered via Python to only expose non-sensitive metadata (ID, name, username), and no evidence of data exfiltration or unauthorized remote execution was found.
Capability Tags
Capability Assessment
Purpose & Capability
The skill is a clipboard proxy for Bitwarden and requires the Bitwarden CLI and a BW_SESSION token to function — this is coherent with its description. Note: the registry header listed "Required env vars: none" while SKILL.md and manifest.json declare BW_SESSION; that mismatch should be resolved (BW_SESSION is legitimately required).
Instruction Scope
SKILL.md and scripts/main.sh limit behavior to: verify binaries, list/search non-sensitive item metadata, and pipe bw get password/totp output directly to the native clipboard. The script does not read other system files, contact external endpoints, or attempt to persist credentials; the scope is narrow and consistent.
Install Mechanism
This is an instruction-only skill with a bundled bash script and no install spec. It relies on existing system binaries (bw, pbcopy/clip/xclip/wl-copy, python3). No downloads or archive extraction are performed.
Credentials
The only sensitive environment material used is BW_SESSION (Bitwarden session token), which is appropriate and required for the Bitwarden CLI to return secrets. There are no unrelated TOKEN/KEY/PASSWORD env vars requested. Again, verify and correct the registry metadata that claimed there were no required env vars.
Persistence & Privilege
The skill does not request 'always' presence and does not modify other skills or system-wide agent settings. It runs on-demand via the provided script; autonomous invocation is allowed (platform default) but not elevated.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install safe-bitwarden-cli - After installation, invoke the skill by name or use
/safe-bitwarden-cli - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.6.0
Added TOTP (2FA) support: Users can now securely copy 6-digit codes directly to the native clipboard using kernel-level piping.
v1.5.4
Clean & Saturated Metadata: Simplified binary list to core requirements and used redundant environment keys to ensure correct registry indexing. Final audit polish.
v1.5.3
The Final Alignment: Added manifest.json as an unambiguous source of truth for dependencies and environment variables to resolve persistent registry indexing issues.
v1.5.2
Metadata Alignment: Switched requires and env_vars to Map format to ensure the registry summary correctly captures the BW_SESSION environment variable requirement.
v1.5.1
The Audit-Perfect Polish: Removed eval from shell script, deleted redundant package.json, updated all docs to shell-based instructions, and explicitly declared all clippers in metadata for maximum transparency.
v1.5.0
Total Shell Pivot: Rewrote entire skill in pure Bash to maximize transparency and security. Replaced all child_process calls with native OS pipes and utilized Python3 for memory-safe JSON parsing.
v1.4.0
Final Hardening: Implemented memory-safe search (immediate nullification of sensitive stdout) and synchronized redundant environment metadata for registry transparency.
v1.3.6
Cleaned up: Removed package.json. Reverted to pure-script project structure using only SKILL.md for metadata.
v1.3.5
Metadata Cleanup: Removed platform-specific binary clutter from manifest and ensured BW_SESSION environment variable is declared at the root requires level for registry transparency.
v1.3.4
Metadata Alignment: Flattened SKILL.md YAML and added package.json to ensure binaries and env vars are correctly indexed by the registry catalog.
v1.3.3
The Final Audit-Ready Release: Pure asynchronous spawn + Hardcoded string literals for binary names. Zero spawnSync usage.
v1.3.2
Total Async Refactor: Replaced spawnSync with Promise-based asynchronous spawn to satisfy strict security audits and avoid blocking the event loop.
v1.3.1
The Audit-Perfect Release: Zero-dependency, native-only, hardcoded binaries, and explicit environment manifest. Final consistency audit passed.
v1.3.0
Native Pivot: Removed CopyQ dependency. Now uses native OS clippers (pbcopy, clip, xclip, wl-copy) for zero-footprint operation.
v1.2.0
Removed automatic clipboard TTL/clearing logic to avoid registry audit confusion and satisfy user requirements.
v1.1.2
Audit Compliance: Replaced variable commands with hardcoded string literals to pass strict static analysis.
v1.1.1
Cleaned up: Removed autonomous installation logic. Strictly retrieval-to-clipboard focus.
v1.1.0
Pivot: Removed auto-paste functionality to focus on secure retrieval-to-clipboard only. Cleaned up dependencies.
v1.0.4
Trust & Transparency: Added homepage/repository metadata and declared BW_SESSION environment variable.
v1.0.3
Compliance Hardening: Implemented strict binary whitelisting and hardcoded command wrappers to resolve static analysis flags.
Metadata
Frequently Asked Questions
What is Safe Bitwarden Cli?
Industrial-grade secure bridge to Bitwarden. Copy passwords and TOTP codes with Zero-trust kernel-level piping. It is an AI Agent Skill for Claude Code / OpenClaw, with 97 downloads so far.
How do I install Safe Bitwarden Cli?
Run "/install safe-bitwarden-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Safe Bitwarden Cli free?
Yes, Safe Bitwarden Cli is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Safe Bitwarden Cli support?
Safe Bitwarden Cli is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Safe Bitwarden Cli?
It is built and maintained by chyern (@chyern); the current version is v1.6.0.
More Skills