← 返回 Skills 市场
459
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install bitwarden-bw
功能描述
Access and manage Bitwarden passwords securely using the official bw CLI.
使用说明 (SKILL.md)
Bitwarden Skill
Interact with Bitwarden vaults using the official bw CLI.
Prerequisites
bwCLI installed:npm install -g @bitwarden/cliBW_SESSIONenv var set (saved in~/.zshrc)
Usage
Get a password
bw get password "site_name"
Get username
bw get username "site_name"
Get full item (JSON)
bw get item "site_name" --pretty
Search
bw list items --search "query" | python3 -c "import json,sys; [print(f'{i[\"name\"]} ({i.get(\"login\",{}).get(\"username\",\"\")})')for i in json.load(sys.stdin)]"
Sync vault
bw sync
Always sync before getting details to ensure accuracy.
TOTP code
bw get totp "site_name"
Notes
- Session key is in
BW_SESSIONenv var (persisted in ~/.zshrc) - If session expires, user must re-login interactively (
bw loginrequires OTP) bw unlockcan refresh an expired session without full re-login
安全使用建议
This skill appears to do what it says: it runs the official Bitwarden CLI (bw) to read and manage vault items. Before installing, confirm you have bw installed and that you understand the implication: the agent will need access to your BW_SESSION (a live Bitwarden session token) to operate and any commands it runs can read your vault entries. Ask the publisher to update metadata to declare BW_SESSION as a required credential so you can review it explicitly. Avoid storing BW_SESSION permanently in plain text (e.g., ~/.zshrc) if possible — prefer ephemeral sessions, manually run bw login/unlock when needed, or use short-lived session tokens. Only enable this skill if you trust the agent to handle sensitive data, and consider limiting autonomous invocation or testing in a restricted account/vault first.
功能分析
Type: OpenClaw Skill
Name: bitwarden-bw
Version: 1.0.0
The skill bundle is benign. It provides instructions for an AI agent to interact with the legitimate Bitwarden CLI (`bw`) for password management. All commands are standard `bw` operations, and there is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent. The reliance on the `BW_SESSION` environment variable is expected for non-interactive Bitwarden CLI usage. Potential shell injection risks from unsanitized user input are vulnerabilities in the agent's execution model, not malicious intent within the skill definition itself.
能力评估
Purpose & Capability
Name/description match the required binary (bw). All primary actions in SKILL.md are bw CLI commands; requiring the bw binary is appropriate and proportional.
Instruction Scope
The SKILL.md explicitly expects a BW_SESSION environment variable and suggests persisting it in ~/.zshrc, but requires.env lists no environment variables. Instructions reference running bw and piping output to a local python command — expected — but the undeclared use of BW_SESSION and guidance to store a session in a shell RC file is a scope/information handling inconsistency that should be clarified.
Install Mechanism
Instruction-only skill; no install spec. The README/local guidance suggests installing the official CLI via npm (npm install -g @bitwarden/cli), which is a normal, low-risk recommendation (no arbitrary downloads or extraction).
Credentials
Access to a Bitwarden session (BW_SESSION) is proportionate to the skill's purpose. However, the session token is sensitive and the skill fails to declare it as a required env var. The SKILL.md also recommends persisting the session in ~/.zshrc, which can expose credentials if not handled carefully.
Persistence & Privilege
always is false and the skill does not request system-wide changes or modify other skills' configs. Model invocation is allowed (the platform default); combined with access to secrets this increases risk but is expected for a password-management skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install bitwarden-bw - 安装完成后,直接呼叫该 Skill 的名称或使用
/bitwarden-bw触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
bitwarden-bw 1.0.0 initial release:
- Access and manage Bitwarden passwords using the official bw CLI.
- Supports viewing passwords, usernames, TOTP codes, and full item details.
- Provides commands to search vault items and sync your vault.
- Requires the bw CLI and BW_SESSION environment variable.
元数据
常见问题
Bitwarden Bw 是什么?
Access and manage Bitwarden passwords securely using the official bw CLI. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 459 次。
如何安装 Bitwarden Bw?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install bitwarden-bw」即可一键安装,无需额外配置。
Bitwarden Bw 是免费的吗?
是的,Bitwarden Bw 完全免费(开源免费),可自由下载、安装和使用。
Bitwarden Bw 支持哪些平台?
Bitwarden Bw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux, macos)。
谁开发了 Bitwarden Bw?
由 zu(@yorha59)开发并维护,当前版本 v1.0.0。
推荐 Skills