← 返回 Skills 市场
Bitwarden CLI
作者
StartupBros
· GitHub ↗
· v1.0.0
1695
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install bw-vault
功能描述
Set up and use Bitwarden CLI (bw). Use when installing the CLI, authenticating (login/unlock), or reading secrets from your vault. Supports email/password, API key, and SSO authentication methods.
使用说明 (SKILL.md)
Bitwarden CLI Skill
The Bitwarden command-line interface (CLI) provides full access to your Bitwarden vault for retrieving passwords, secure notes, and other secrets programmatically.
Workflow Requirements
CRITICAL: Always run bw commands inside a dedicated tmux session. The CLI requires a session key (BW_SESSION) for all vault operations after authentication. A tmux session preserves this environment variable across commands.
Required Workflow
- Verify CLI installation: Run
bw --versionto confirm the CLI is available - Create a dedicated tmux session:
tmux new-session -d -s bw-session - Attach and authenticate: Run
bw loginorbw unlockinside the session - Export session key: After unlock, export
BW_SESSIONas instructed by the CLI - Execute vault commands: Use
bw get,bw list, etc. within the same session
Authentication Methods
| Method | Command | Use Case |
|---|---|---|
| Email/Password | bw login |
Interactive sessions, first-time setup |
| API Key | bw login --apikey |
Automation, scripts (requires separate unlock) |
| SSO | bw login --sso |
Enterprise/organization accounts |
After bw login with email/password, your vault is automatically unlocked. For API key or SSO login, you must subsequently run bw unlock to decrypt the vault.
Session Key Management
The unlock command outputs a session key. You must export it:
# Bash/Zsh
export BW_SESSION="\x3Csession_key_from_unlock>"
# Or capture automatically
export BW_SESSION=$(bw unlock --raw)
Session keys remain valid until you run bw lock or bw logout. They do not persist across terminal windows—hence the tmux requirement.
Reading Secrets
# Get password by item name
bw get password "GitHub"
# Get username
bw get username "GitHub"
# Get TOTP code
bw get totp "GitHub"
# Get full item as JSON
bw get item "GitHub"
# Get specific field
bw get item "GitHub" | jq -r '.fields[] | select(.name=="api_key") | .value'
# List all items
bw list items
# Search items
bw list items --search "github"
Security Guardrails
- NEVER expose secrets in logs, code, or command output visible to users
- NEVER write secrets to disk unless absolutely necessary
- ALWAYS use
bw lockwhen finished with vault operations - PREFER reading secrets directly into environment variables or piping to commands
- If you receive "Vault is locked" errors, re-authenticate with
bw unlock - If you receive "You are not logged in" errors, run
bw loginfirst - Stop and request assistance if tmux is unavailable on the system
Environment Variables
| Variable | Purpose |
|---|---|
BW_SESSION |
Session key for vault decryption (required for all vault commands) |
BW_CLIENTID |
API key client ID (for --apikey login) |
BW_CLIENTSECRET |
API key client secret (for --apikey login) |
BITWARDENCLI_APPDATA_DIR |
Custom config directory (enables multi-account setups) |
Self-Hosted Servers
For Vaultwarden or self-hosted Bitwarden:
bw config server https://your-bitwarden-server.com
Reference Documentation
- Get Started Guide - Installation and initial setup
- CLI Examples - Common usage patterns and advanced operations
安全使用建议
This skill is a documentation/helper for the official Bitwarden CLI and appears coherent. Before installing, verify you will install the bw binary from an official source (Homebrew, npm @bitwarden/cli, Chocolatey, Snap, or bitwarden.com). Be careful when exporting secrets into shell environment variables or command substitution—these can leak into process lists, shell history, or logs; prefer ephemeral piping or process-scope injection and run bw operations in a dedicated, secure tmux/session as instructed. If you use automation with BW_CLIENTID/BW_CLIENTSECRET, store those credentials safely and rotate them per policy. If anything in your environment or security policy disallows preserving session keys in shell environments, do not enable this skill or adapt usage to comply with your controls.
功能分析
Type: OpenClaw Skill
Name: bw-vault
Version: 1.0.0
The skill bundle is benign. It provides instructions and examples for installing and using the official Bitwarden CLI (`bw`). All commands and configurations are standard for interacting with a Bitwarden vault. The `SKILL.md` explicitly includes 'Security Guardrails' that instruct the AI agent on secure handling of secrets, such as never exposing them in logs or writing them to disk, and always using `bw lock` when finished. There is no evidence of malicious intent, data exfiltration, unauthorized execution, or prompt injection attempts against the agent; instead, the instructions promote secure practices.
能力评估
Purpose & Capability
Name/description match the behavior. The skill only documents using the Bitwarden CLI (bw), authenticating, managing BW_SESSION, and reading items; required binary 'bw' and suggested install methods (brew/npm/choco/snap/official downloads) are appropriate for this purpose.
Instruction Scope
SKILL.md instructions stay within expected boundaries: installing/using bw, session management, secret retrieval, and examples for piping/exporting secrets. It does not instruct reading unrelated system files or contacting unexpected endpoints—self-hosted server URLs and vault.bitwarden.com are appropriate. It does recommend exporting secrets into environment variables or piping to commands (expected but operationally sensitive).
Install Mechanism
Install guidance references standard package routes (Homebrew, npm @bitwarden/cli, Chocolatey, Snap, and official bitwarden.com downloads). No untrusted/personal download URLs or obscure installers are used in the provided spec.
Credentials
Environment variables mentioned (BW_SESSION, BW_CLIENTID, BW_CLIENTSECRET, BITWARDENCLI_APPDATA_DIR) are exactly those needed for Bitwarden CLI operations and multi-account setups. The skill does not request unrelated credentials or hidden secrets beyond these.
Persistence & Privilege
Skill is instruction-only with always:false and default invocation settings; it does not request permanent presence or modify other skills or system-wide settings. Normal autonomous invocation is allowed by platform defaults but not excessive here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install bw-vault - 安装完成后,直接呼叫该 Skill 的名称或使用
/bw-vault触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Bitwarden password manager CLI (bw) with email/password, API key, and SSO authentication. Supports self-hosted Bitwarden/Vaultwarden. tmux session workflow for secure session key management.
元数据
常见问题
Bitwarden CLI 是什么?
Set up and use Bitwarden CLI (bw). Use when installing the CLI, authenticating (login/unlock), or reading secrets from your vault. Supports email/password, API key, and SSO authentication methods. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1695 次。
如何安装 Bitwarden CLI?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install bw-vault」即可一键安装,无需额外配置。
Bitwarden CLI 是免费的吗?
是的,Bitwarden CLI 完全免费(开源免费),可自由下载、安装和使用。
Bitwarden CLI 支持哪些平台?
Bitwarden CLI 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Bitwarden CLI?
由 StartupBros(@startupbros)开发并维护,当前版本 v1.0.0。
推荐 Skills