← 返回 Skills 市场
gitchrisqueen

LastPass CLI Skill

作者 gitchrisqueen · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
1754
总下载
2
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install lastpass-cli
功能描述
Securely fetch credentials from LastPass vault via lpass CLI.
使用说明 (SKILL.md)

LastPass CLI Skill

Description

This skill lets the agent retrieve credentials from the local LastPass vault using the lpass CLI. It is intended for fetching secrets into automation flows, not for interactive vault management.

Tools

  • lastpass_get_secret: Retrieve a specific field (password, username, notes) for a named LastPass entry using the local lpass CLI.

When to Use

  • When you need a password, username, or notes for a specific account that is stored in LastPass.
  • When orchestrating deployments, API calls, or logins that require secrets.

Tool: lastpass_get_secret

Invocation

Call this tool with a JSON object:

{
  "name": "Exact LastPass entry name",
  "field": "password | username | notes | raw"
}
安全使用建议
This skill will run your local lpass CLI to print vault fields to stdout. Before installing: (1) Confirm you trust the skill source and inspect the small script (it simply runs 'lpass show'). (2) Ensure the agent environment actually has the 'lpass' binary and a valid LastPass session — the skill metadata should be updated to declare 'lpass' as a required binary. (3) Be aware that any secret returned is printed to stdout and could be logged or exfiltrated by the agent; only allow use in trusted, minimal-privilege contexts and prefer user-invocation. (4) Ask the maintainer to add explicit required-binaries metadata, guidance in SKILL.md about safe secret handling (avoid logs, prefer ephemeral usage), and input validation (sanitize entry names) before deploying widely.
功能分析
Type: OpenClaw Skill Name: lastpass-cli Version: 0.1.0 The skill is classified as suspicious due to its inherent high-risk capability: accessing sensitive LastPass credentials via the `lpass` CLI, as implemented in `tools/lastpass.sh`. While this behavior is explicitly aligned with the stated purpose in `SKILL.md` and there is no evidence of additional malicious intent (such as data exfiltration, persistence, or prompt injection against the agent), the direct access to a local secrets vault constitutes a significant 'risky capability' as defined by the provided threshold.
能力评估
Purpose & Capability
The skill's name/description match the included behavior: the tool runs the local lpass CLI to return a password, username, notes, or raw entry. However, the skill metadata lists no required binaries while the included script calls the 'lpass' executable — this omission is an incoherence that should be corrected.
Instruction Scope
SKILL.md and tools/lastpass.sh limit actions to invoking 'lpass show' for a specific named entry and field. The tool prints secrets to stdout (normal for CLIs) but the SKILL.md does not include any guidance about secure handling (no mention to avoid logging, to limit exposure, or how to ensure a valid session).
Install Mechanism
No install spec is present and the included shell script is small and straightforward. There is no network download or archive extraction in the skill itself, which keeps installation risk low.
Credentials
The skill requests no environment variables or credentials in metadata, yet it depends on the local 'lpass' binary and a LastPass session (which may be authenticated via local agent, cached session, or environment). The omission of 'lpass' from required binaries/primary credential is misleading; the skill inherently requires access to local vault credentials and could expose secrets if misused.
Persistence & Privilege
The skill is not always-enabled and uses the platform defaults for invocation. It does not request elevated or persistent system presence.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install lastpass-cli
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /lastpass-cli 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of LastPass CLI skill. - Enables secure credential retrieval from a local LastPass vault using the lpass CLI. - Provides the lastpass_get_secret tool to fetch passwords, usernames, notes, or raw data from specific vault entries. - Designed for use in automation flows to inject secrets as needed.
元数据
Slug lastpass-cli
版本 0.1.0
许可证
累计安装 2
当前安装数 2
历史版本数 1
常见问题

LastPass CLI Skill 是什么?

Securely fetch credentials from LastPass vault via lpass CLI. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1754 次。

如何安装 LastPass CLI Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install lastpass-cli」即可一键安装,无需额外配置。

LastPass CLI Skill 是免费的吗?

是的,LastPass CLI Skill 完全免费(开源免费),可自由下载、安装和使用。

LastPass CLI Skill 支持哪些平台?

LastPass CLI Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 LastPass CLI Skill?

由 gitchrisqueen(@gitchrisqueen)开发并维护,当前版本 v0.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论