← Back to Skills Marketplace
daowuu

Bitwarden Credential

by wuu Dao · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
110
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install bitwarden-credential
Description
Store or retrieve credentials in Bitwarden via CLI. Use when asked to save, store, or add a password/API key/OAuth token/secret/credential to Bitwarden. Trig...
README (SKILL.md)

Bitwarden Credential Skill

Store credentials (passwords, API keys, OAuth tokens, etc.) in Bitwarden via the CLI.

Workflow

Step 1: Ensure Vault is Unlocked

The user must unlock their Bitwarden vault once per session in their terminal:

bw unlock

After unlocking, the user gets a session key. There are two ways to provide it:

Option A — Export the session (user does in their terminal):

export BW_SESSION="\x3Csession-key-from-unlock>"

Then just tell me "unlocked" and I can run commands directly.

Option B — Pass session directly to script:

BW_SESSION="\x3Csession-key>" ./bitwarden-credential.sh \x3Cname> \x3Cusername> \x3Cpassword> [notes]

Step 2: Store a Credential

Once vault is unlocked, provide me with:

  • Name — identifier for this credential (e.g., "GitHub API Key", "MiniMax API")
  • Username — often the client_id or key name
  • Password/Secret — the actual secret value
  • Notes (optional) — extra context (scope, grant_type, etc.)

Example user message:

"Save to Bitwarden: name=Grafana, username=admin, password=xyz123, notes=prod server"

Step 3: Execute

Use the bundled script or run directly:

# With BW_SESSION set
./scripts/bitwarden-credential.sh "\x3Cname>" "\x3Cusername>" "\x3Cpassword>" "[notes]"

# Or via bw CLI directly
echo -n '{"name":"...","login":{"username":"...","password":"..."},"type":1}' | bw create item

Notes

  • Bitwarden CLI must be installed: brew install bitwarden-cli
  • API key auth: Use bw login --apikey with client_id + client_secret, but vault still requires master password to unlock
  • I cannot unlock the vault for you — the master password never leaves your terminal
  • Session token (BW_SESSION) is session-scoped; it expires when the vault locks again
Usage Guidance
This skill appears to do what it says (store credentials to your Bitwarden vault) but it has sloppy/insecure details you should fix or consider before using: - Do not paste BW_SESSION or master passwords into chat. Prefer unlocking bw in your terminal and exporting BW_SESSION in that shell session rather than sending the token to the agent or pasting it into messages. Confirm the platform will not log or transmit your environment values. - The script requires jq (used to build JSON) but SKILL.md does not list jq; install jq or update the documentation to include it. - The script takes the secret/password as a command-line argument, which can be visible to other users via ps and may be captured in shell history. Prefer a safer interface: read the password from stdin, prompt interactively, or accept it via a secure environment variable rather than as a positional arg. - The registry metadata should be updated to declare BW_SESSION (or equivalent) as a required environment variable so the platform and users know the skill needs it. - If you plan to use this skill, test with dummy credentials first and consider modifying the script to avoid CLI-arg secrets and to explicitly check for jq. If you are not comfortable making those changes, do not provide real session tokens or secrets to the skill.
Capability Analysis
Type: OpenClaw Skill Name: bitwarden-credential Version: 1.0.0 The skill is a legitimate utility for storing credentials in Bitwarden using the official Bitwarden CLI (bw). The script `scripts/bitwarden-credential.sh` safely constructs JSON payloads using `jq` and requires a user-provided session token (`BW_SESSION`), ensuring the vault remains under the user's control. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
Capability Assessment
Purpose & Capability
The name/description (store/retrieve credentials in Bitwarden via CLI) matches the included script and instructions: both call the Bitwarden CLI to create items. However, registry metadata lists no required env vars while the SKILL.md and script require a BW_SESSION token — this mismatch should be corrected.
Instruction Scope
The SKILL.md and script confine actions to unlocking the Bitwarden vault and calling bw create item, which is in-scope. Concerns: (1) the script expects jq but SKILL.md does not list jq as a requirement; (2) the script accepts the secret/password as a command-line argument (exposed via process listing); (3) SKILL.md suggests the user might 'provide' the BW_SESSION in two ways, but does not warn strongly that pasting the BW_SESSION into chat or otherwise transmitting it externally will expose a live session token.
Install Mechanism
There is no install spec (instruction-only), which reduces install-time risk. SKILL.md notes Bitwarden CLI must be installed (brew install bitwarden-cli). It does not mention jq, which the script requires. No remote downloads or archive extraction are present.
Credentials
Requiring BW_SESSION (a session token for an unlocked vault) is proportionate to the purpose, but the registry metadata does not declare this required environment variable or a primary credential. The script's design asks for sensitive inputs in ways that increase exposure risk (BW_SESSION might be copied/pasted into chat or logs; passwords are passed as CLI args).
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request elevated or persistent platform privileges. It does not modify other skills or system-wide config.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install bitwarden-credential
  3. After installation, invoke the skill by name or use /bitwarden-credential
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: store/retrieve credentials in Bitwarden via CLI
Metadata
Slug bitwarden-credential
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Bitwarden Credential?

Store or retrieve credentials in Bitwarden via CLI. Use when asked to save, store, or add a password/API key/OAuth token/secret/credential to Bitwarden. Trig... It is an AI Agent Skill for Claude Code / OpenClaw, with 110 downloads so far.

How do I install Bitwarden Credential?

Run "/install bitwarden-credential" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Bitwarden Credential free?

Yes, Bitwarden Credential is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Bitwarden Credential support?

Bitwarden Credential is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Bitwarden Credential?

It is built and maintained by wuu Dao (@daowuu); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments