← Back to Skills Marketplace
twhidden

Twhidden Bitwarden

by Travis Whidden · GitHub ↗ · v1.0.5
cross-platform ✓ Security Clean
768
Downloads
2
Stars
2
Active Installs
5
Versions
Install in OpenClaw
/install twhidden-bitwarden
Description
Bitwarden & Vaultwarden password manager integration. Use when storing, retrieving, generating, or managing passwords and credentials. Wraps the Bitwarden CL...
Usage Guidance
This skill appears to do what it says: wrap the Bitwarden CLI and manage a Bitwarden/Vaultwarden account. Before installing, consider the following: 1) You will need to provide your master password (BW_MASTER_PASSWORD) — this is necessary but highly sensitive; prefer a dedicated account or minimize exposure time. 2) The script can read a credentials file (CREDS_FILE) in your OpenClaw workspace; ensure that file is protected (chmod 600) and not committed to source control. 3) The script writes a session token to /tmp/.bw_session; the script sets restrictive permissions, but you should verify your environment's /tmp policies. 4) If you want human approval before the agent stores or retrieves passwords, limit autonomous invocation via your OpenClaw tool policy. 5) If you have concerns about the packaged code, review bw.sh yourself (it's included) or obtain the skill from a trusted origin (verify the GitHub/homepage and commit history).
Capability Analysis
Type: OpenClaw Skill Name: twhidden-bitwarden Version: 1.0.5 The OpenClaw Bitwarden skill is benign. It provides a wrapper for the Bitwarden CLI, enabling password management functionalities like login, registration, and CRUD operations. The `bw.sh` script explicitly implements safe credential loading to prevent shell injection from configuration files, uses `chmod 600` for session tokens, and clearly documents all external communication with the user-configured Bitwarden server. While the `do_register` function in `bw.sh` involves complex cryptographic operations implemented in bash using `openssl`, it is for the stated purpose of account registration and shows no signs of malicious intent or unauthorized data exfiltration. No prompt injection attempts against the agent were found in `SKILL.md` or `README.md`.
Capability Assessment
Purpose & Capability
Name/description (Bitwarden/Vaultwarden CLI wrapper) match the script and SKILL.md. The required binaries (bw, openssl, curl) and required env vars (BW_SERVER, BW_EMAIL, BW_MASTER_PASSWORD) are appropriate for a CLI wrapper that logs in, registers accounts, and talks to a Bitwarden-compatible server.
Instruction Scope
The SKILL.md and bw.sh stay within the stated purpose: they log in, generate passwords, create/list/edit items, and (optionally) register accounts via the configured BW_SERVER. Minor implementation notes: the script parses JSON with grep/regex (fragile but expected for a bash-only tool) and implements registration using openssl and curl as described. The instructions and script reference CREDS_FILE and OPENCLAW_WORKSPACE as optional configuration sources; these optional env vars are reasonable but are not included in the top-level requires.env declaration in the registry metadata (see environment_proportionality).
Install Mechanism
This is instruction-only plus a bundled bash script (bw.sh). There is no remote download/install step in the skill metadata that would pull and execute arbitrary code at install time, so installation mechanism risk is low. The script does require the user to install the Bitwarden CLI separately (npm install -g @bitwarden/cli).
Credentials
The skill requires BW_SERVER, BW_EMAIL, and BW_MASTER_PASSWORD — these are highly sensitive but proportionate for an automated login to a Bitwarden/Vaultwarden instance. The script also reads optional CREDS_FILE and OPENCLAW_WORKSPACE environment variables (to locate a credentials file); those optional vars are not listed in the registry's top-level requires.env. The skill writes a session token to /tmp/.bw_session (with chmod 600), which is expected behavior but worth noting because it creates a local artifact containing an authentication token.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or system-wide agent settings. It caches a session token in /tmp/.bw_session and removes it on lock/logout, which is standard behavior for a CLI wrapper. Autonomous invocation is allowed by default (platform behavior) — consider policy if you want manual approval for password operations.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install twhidden-bitwarden
  3. After installation, invoke the skill by name or use /twhidden-bitwarden
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.5
- Skill name updated from "bitwarden-vaultwarden" to "Bitwarden / Vaultwarden" for clarity. - No functional changes; documentation and metadata improvements only. - Updated SKILL.md description and presentation to match new naming. - Clarified documentation language for consistency and readability.
v1.0.4
Rewrote registration to pure bash + openssl. Removed Python dependency entirely.
v1.0.2
Improved discoverability: Updated metadata to prominently mention Vaultwarden support. Skill now appears in searches for both 'bitwarden' and 'vaultwarden'. No functional changes.
v1.0.1
Security improvements: Safe credential loading (replaced 'source' with KEY=VALUE parser), declared required binaries (bw, python3). Addresses all ClawHub security scan concerns.
v1.0.0
Initial release
Metadata
Slug twhidden-bitwarden
Version 1.0.5
License
All-time Installs 2
Active Installs 2
Total Versions 5
Frequently Asked Questions

What is Twhidden Bitwarden?

Bitwarden & Vaultwarden password manager integration. Use when storing, retrieving, generating, or managing passwords and credentials. Wraps the Bitwarden CL... It is an AI Agent Skill for Claude Code / OpenClaw, with 768 downloads so far.

How do I install Twhidden Bitwarden?

Run "/install twhidden-bitwarden" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Twhidden Bitwarden free?

Yes, Twhidden Bitwarden is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Twhidden Bitwarden support?

Twhidden Bitwarden is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Twhidden Bitwarden?

It is built and maintained by Travis Whidden (@twhidden); the current version is v1.0.5.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 Comments