← Back to Skills Marketplace
LastPass CLI Skill
by
gitchrisqueen
· GitHub ↗
· v0.1.0
1754
Downloads
2
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install lastpass-cli
Description
Securely fetch credentials from LastPass vault via lpass CLI.
README (SKILL.md)
LastPass CLI Skill
Description
This skill lets the agent retrieve credentials from the local LastPass vault using the lpass CLI. It is intended for fetching secrets into automation flows, not for interactive vault management.
Tools
lastpass_get_secret: Retrieve a specific field (password, username, notes) for a named LastPass entry using the locallpassCLI.
When to Use
- When you need a password, username, or notes for a specific account that is stored in LastPass.
- When orchestrating deployments, API calls, or logins that require secrets.
Tool: lastpass_get_secret
Invocation
Call this tool with a JSON object:
{
"name": "Exact LastPass entry name",
"field": "password | username | notes | raw"
}
Usage Guidance
This skill will run your local lpass CLI to print vault fields to stdout. Before installing: (1) Confirm you trust the skill source and inspect the small script (it simply runs 'lpass show'). (2) Ensure the agent environment actually has the 'lpass' binary and a valid LastPass session — the skill metadata should be updated to declare 'lpass' as a required binary. (3) Be aware that any secret returned is printed to stdout and could be logged or exfiltrated by the agent; only allow use in trusted, minimal-privilege contexts and prefer user-invocation. (4) Ask the maintainer to add explicit required-binaries metadata, guidance in SKILL.md about safe secret handling (avoid logs, prefer ephemeral usage), and input validation (sanitize entry names) before deploying widely.
Capability Analysis
Type: OpenClaw Skill
Name: lastpass-cli
Version: 0.1.0
The skill is classified as suspicious due to its inherent high-risk capability: accessing sensitive LastPass credentials via the `lpass` CLI, as implemented in `tools/lastpass.sh`. While this behavior is explicitly aligned with the stated purpose in `SKILL.md` and there is no evidence of additional malicious intent (such as data exfiltration, persistence, or prompt injection against the agent), the direct access to a local secrets vault constitutes a significant 'risky capability' as defined by the provided threshold.
Capability Assessment
Purpose & Capability
The skill's name/description match the included behavior: the tool runs the local lpass CLI to return a password, username, notes, or raw entry. However, the skill metadata lists no required binaries while the included script calls the 'lpass' executable — this omission is an incoherence that should be corrected.
Instruction Scope
SKILL.md and tools/lastpass.sh limit actions to invoking 'lpass show' for a specific named entry and field. The tool prints secrets to stdout (normal for CLIs) but the SKILL.md does not include any guidance about secure handling (no mention to avoid logging, to limit exposure, or how to ensure a valid session).
Install Mechanism
No install spec is present and the included shell script is small and straightforward. There is no network download or archive extraction in the skill itself, which keeps installation risk low.
Credentials
The skill requests no environment variables or credentials in metadata, yet it depends on the local 'lpass' binary and a LastPass session (which may be authenticated via local agent, cached session, or environment). The omission of 'lpass' from required binaries/primary credential is misleading; the skill inherently requires access to local vault credentials and could expose secrets if misused.
Persistence & Privilege
The skill is not always-enabled and uses the platform defaults for invocation. It does not request elevated or persistent system presence.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install lastpass-cli - After installation, invoke the skill by name or use
/lastpass-cli - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release of LastPass CLI skill.
- Enables secure credential retrieval from a local LastPass vault using the lpass CLI.
- Provides the lastpass_get_secret tool to fetch passwords, usernames, notes, or raw data from specific vault entries.
- Designed for use in automation flows to inject secrets as needed.
Metadata
Frequently Asked Questions
What is LastPass CLI Skill?
Securely fetch credentials from LastPass vault via lpass CLI. It is an AI Agent Skill for Claude Code / OpenClaw, with 1754 downloads so far.
How do I install LastPass CLI Skill?
Run "/install lastpass-cli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is LastPass CLI Skill free?
Yes, LastPass CLI Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does LastPass CLI Skill support?
LastPass CLI Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created LastPass CLI Skill?
It is built and maintained by gitchrisqueen (@gitchrisqueen); the current version is v0.1.0.
More Skills