Headless Bitwarden

Author: Hans (hans00) · GitHub ↗ · v1.0.2 · MIT-0
cross-platform · ⚠ flagged "suspicious"
Total downloads: 138 · Favorites: 0 · Current installs: 1 · Versions: 3
Install in OpenClaw: /install headless-bitwarden

Description

Extension for Bitwarden usage: adds an ephemeral HTTPS web unlock helper for rbw (TTL default 10m) so you can unlock remotely without pasting secrets into chat.
Usage (SKILL.md)

Headless Bitwarden (rbw) — Skill (addon)

Goal: safely retrieve secrets from Bitwarden without pasting passwords/tokens into chat.

This skill is intentionally small and non-overlapping:

  • Use the existing Bitwarden skill for installation / account setup.
  • This skill only adds an ephemeral remote unlock web helper for rbw.

This skill standardizes a workflow around:

  • rbw (local encrypted cache + unlock)
  • an ephemeral unlock web helper that you can start on-demand and shut down automatically.

Core rules (must)

  1. Never paste secrets into chat
  • No master password, no session keys, no JSON secrets.
  2. Ephemeral by default
  • Unlock helper must be localhost-only, token-gated, and auto-expire.
  • Default TTL: 600s (10 minutes).
  3. No secret logging / no secret persistence
  • Do not log request bodies.
  • Do not write secrets to disk.
  4. Always restore rbw config
  • If a temporary pinentry override is used, it must be restored even on failure.

Prereqs

  1. Follow the workspace Bitwarden skill for setup (install, register/login):
  • skills/bitwarden/SKILL.md
  2. Additional requirements for the unlock helper:
  • rbw installed and registered/logged-in (device approved)
  • node available
  • bash
  • Optional (recommended for remote): cloudflared (for an ephemeral HTTPS URL)

Fast paths

A) If the vault is already unlocked

rbw unlocked
rbw sync
rbw search "<keyword>"
rbw get "<item name>" --field "<field name>"

B) If the vault is locked: start the ephemeral web unlock helper

From your workspace:

TTL_SECONDS=600 SYNC_AFTER_UNLOCK=1 \
  skills/headless-bitwarden/scripts/rbw-remote-unlock/start.sh

You will see:

  • Local URL: http://127.0.0.1:<port>/<token>/
  • If cloudflared exists: a Public URL: https://<random>.../<token>/

Open the Public URL on your phone/laptop, enter the master password, and press Unlock. The helper will:

  • run rbw unlock
  • respond to the browser as soon as rbw unlock finishes
  • optionally run rbw sync after the browser response (so the page shouldn’t spin)
  • exit immediately on success (or auto-exit on TTL)

Security notes (residual risk, be explicit)

Even with an HTTPS tunnel and no logging, this is not “zero risk”. The remaining risks include:

  • password exists briefly in process memory
  • password is passed briefly to a child process via env (in same-user scope)
  • token URL leakage during TTL would allow access to the form
  • tunnel provider is within the trust boundary (even though traffic is HTTPS)

Mitigations implemented:

  • localhost bind only (127.0.0.1)
  • high-entropy path token
  • request body size limit
  • no request-body logging
  • TTL auto-exit + exit-on-success
  • pinentry override always restored
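As an added example (not the skill's own server.mjs and not code from the author), the sketch below shows how the mitigations listed above combine into one request gate: a random path token, a body-size limit, a single in-flight attempt, TTL auto-exit and exit on success, with the gate kept separate from the loopback HTTP transport so it can be exercised without a vault. The `unlock` callback, the 4096-byte body limit and the 64 KiB transport cap are assumptions.

```javascript
// Added example, not the skill's server.mjs. The gating rules (path token, body limit,
// one attempt at a time, TTL, exit on success) live in createUnlockGate, apart from HTTP.
function createUnlockGate({ ttlSeconds = 600, maxBodyBytes = 4096, unlock, onExit, token }) {
  // 256-bit random path token: the only URL that ever serves the form (size is an assumption).
  token ??= Buffer.from(globalThis.crypto.getRandomValues(new Uint8Array(32))).toString("base64url");
  let inProgress = false;
  let closed = false;
  const finish = (why) => { if (closed) return; closed = true; clearTimeout(timer); onExit?.(why); };
  const timer = setTimeout(() => finish("ttl"), ttlSeconds * 1000); // TTL auto-exit
  timer.unref(); // the listening socket, not this timer, keeps the process alive
  // Returns { status, body }; the password goes to unlock() and is never stored or returned.
  async function handle(method, path, body = "") {
    if (closed) return { status: 410, body: "helper expired" };
    if (path !== `/${token}/`) return { status: 404, body: "not found" }; // wrong token: no form
    if (method === "GET") return { status: 200, body: FORM_HTML };
    if (method !== "POST") return { status: 405, body: "method not allowed" };
    if (Buffer.byteLength(body) > maxBodyBytes) return { status: 413, body: "payload too large" };
    if (inProgress) return { status: 409, body: "unlock attempt already in progress" };
    inProgress = true;
    try {
      const ok = await unlock(new URLSearchParams(body).get("password") ?? "");
      if (!ok) return { status: 401, body: "unlock failed" };
      finish("unlocked"); // exit-on-success: the helper is never reused
      return { status: 200, body: "unlocked" };
    } finally {
      inProgress = false;
    }
  }
  return { token, handle, finish };
}
const FORM_HTML = '<form method="post"><input name="password" type="password" autocomplete="off"><button>Unlock</button></form>';

// Transport: loopback bind only; log the status, never the body or the path (the path carries the token).
// `unlock` is the caller's async function; in the skill it runs `rbw unlock` through a temporary pinentry.
async function serveOnLoopback({ unlock, ttlSeconds = 600 }) {
  const http = await import("node:http");
  const server = http.createServer((req, res) => {
    let body = "";
    req.on("data", (chunk) => { body += chunk; if (body.length > 64 * 1024) req.destroy(); }); // drop oversize uploads
    req.on("end", async () => {
      const out = await gate.handle(req.method, req.url, body);
      console.log(`${req.method} -> ${out.status}`);
      res.writeHead(out.status, { "Content-Type": "text/html; charset=utf-8" }).end(out.body);
    });
  });
  const gate = createUnlockGate({ unlock, ttlSeconds, onExit: (why) => { console.log(`exit: ${why}`); server.close(); } });
  await new Promise((ready) => server.listen(0, "127.0.0.1", ready));
  return { url: `http://127.0.0.1:${server.address().port}/${gate.token}/`, gate };
}
```

Call `serveOnLoopback({ unlock })` to start it; the returned url contains the token and is the value the section below says to treat as sensitive.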

Treat the Public URL as sensitive

The Public URL includes the one-time token. Anyone who obtains it during the TTL window can access the unlock form.

  • Do not paste the Public URL into GitHub issues, logs, screenshots, or shared channels.
  • Share it only to the person who is unlocking, and only for that one session.

Autofill note

The password input is configured to discourage browser/password-manager autofill (best-effort), but some managers may still try to fill. If you want to avoid accidental autofill, use a private/incognito window or temporarily disable the password manager for that page.

Retry / “unlock in progress” note

An unlock attempt can take a bit of time. If you submit twice quickly, you may see an “unlock attempt already in progress” message. Wait for the attempt to finish (default timeout is ~30s) before retrying.

Files

Implementation lives in:

  • skills/headless-bitwarden/scripts/rbw-remote-unlock/{start.sh,server.mjs,pinentry.sh}

Troubleshooting / operational notes

pinentry restore reliability

The helper does not call rbw config set/unset (which can hang in non-interactive environments). Instead, it temporarily edits:

  • ~/.config/rbw/config.json (sets pinentry: <path-to-pinentry.sh>)

and then restores it back.

If something crashes mid-flight, the quickest manual recovery is:

rbw config set pinentry pinentry

Agent state

If rbw unlocked reports that the agent is not running, restart the agent by running:

rbw stop-agent || true
rbw unlocked
Safe usage advice
This skill appears to do exactly what it claims: run a short‑lived, token‑gated local unlock helper and optionally expose it via a Cloudflare tunnel. Before installing, verify you trust the skill source and inspect the included scripts (they modify ~/.config/rbw/config.json and create /tmp FIFOs). Only run the helper when needed, do not share the public URL, and prefer a private browser window for unlocking. If you don't want an external tunnel, ensure cloudflared is not present or disable START_TUNNEL. Finally, note residual risks the skill documents: the master password is briefly in process memory/child env and the tunnel provider is in the trust boundary.
Functional analysis
Type: OpenClaw Skill
Name: headless-bitwarden
Version: 1.0.2
This skill implements a remote unlock helper for Bitwarden (rbw) by launching a local Node.js server and optionally exposing it via a public Cloudflare tunnel (trycloudflare.com). While the code includes security mitigations such as ephemeral tokens, TTL-based auto-shutdown, and attempts to clear password buffers in memory, the pattern of soliciting a master password through a web form and a public tunnel is inherently high-risk. The skill also dynamically modifies the local rbw configuration to use a custom pinentry script (pinentry.sh) and a FIFO pipe to automate credential injection, which are sensitive operations that could be abused if the session token is intercepted.
Capability assessment
Purpose & Capability
Name/description match the implementation: scripts start a localhost HTTP helper, optionally open a Cloudflare tunnel, and temporarily override rbw pinentry to perform an unlock. Requested actions (edit rbw config, run rbw, start cloudflared) are expected for this feature.
Instruction Scope
SKILL.md limits the skill to starting/stopping an ephemeral unlock helper and documents the exact files touched. The runtime code only reads/writes the rbw config.json (to set/restore pinentry), creates a FIFO in /tmp, runs rbw unlock, and serves a token-gated form. It does not attempt to read unrelated files or exfiltrate stored secrets to external endpoints (aside from the optional tunnel provider which merely proxies TLS traffic).
Install Mechanism
Instruction-only with bundled scripts; no remote downloads or install hooks. Files are provided in the skill bundle, so nothing is fetched from arbitrary URLs during install.
Credentials
The skill requests no external credentials and uses only local configuration/environment (rbw binary, node, optional cloudflared). It does edit ~/.config/rbw/config.json and writes a FIFO in /tmp—both reasonable for implementing a temporary pinentry override and unlocking flow.
Persistence & Privilege
Skill is not always-enabled and does not modify OpenClaw or other skills. It runs ephemeral processes and auto-exits on TTL/success; no long‑lived privileges or persistent background services are installed.
How to use
  1. Make sure OpenClaw is installed (locally or via Docker).
  2. Enter the install command in the chat box: /install headless-bitwarden
  3. After installation, call the skill by name or trigger it with /headless-bitwarden.
  4. Provide the inputs required by the skill's parameter description to get structured output.
Version history
v1.0.2
- Improved and refactored the unlock helper scripts for readability and maintainability.
- Minor code updates in pinentry.sh and server.mjs; no behavior or workflow changes.
- Documentation unchanged; security practices and workflow are as before.
v1.0.1
- Updated Bitwarden skill dependency reference from `skills/bitwarden-vault/SKILL.md` to `skills/bitwarden/SKILL.md` in prerequisites.
- No other changes.
v1.0.0
Initial release of headless-bitwarden.
- Adds an ephemeral HTTPS web unlock helper for rbw, enabling secure remote unlock of Bitwarden vaults.
- Designed to prevent pasting secrets (e.g., passwords, tokens) into chat/workspaces.
- Web unlock helper is localhost-only, token-gated, and auto-expires (default TTL 10 minutes).
- No secret request logging or persistence; temporary pinentry overrides are always restored.
- Supports integration with cloudflared for secure public HTTPS access, suitable for remote unlock scenarios.
Metadata
Slug: headless-bitwarden
Version: 1.0.2
License: MIT-0
Cumulative installs: 1
Current installs: 1
Historical versions: 3
FAQ

What is Headless Bitwarden?

Extension for Bitwarden usage: adds an ephemeral HTTPS web unlock helper for rbw (TTL default 10m) so you can unlock remotely without pasting secrets into chat. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 138 downloads to date.

How do I install Headless Bitwarden?

Run the command "/install headless-bitwarden" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Headless Bitwarden free?

Yes. Headless Bitwarden is completely free under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Headless Bitwarden support?

Headless Bitwarden is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.

Who developed Headless Bitwarden?

Developed and maintained by Hans (@hans00); the current version is v1.0.2.
