← 返回 Skills 市场
tripleight

Securely interact with Bitwarden/Vaultwarden vaults using rbw CLI. Use when retrieving credentials, managing vault items, or integrating secrets into scripts/systemd services. Handles authentication, field access, and non-interactive operation patterns.

作者 Denis Pisarev · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
510
总下载
1
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install rbw
功能描述
Securely interact with Bitwarden/Vaultwarden vaults using rbw CLI. Use when retrieving credentials, managing vault items, or integrating secrets into scripts...
安全使用建议
This skill's instructions are coherent with its goal (non-interactive rbw usage) but they ask you to store your Bitwarden master password in plaintext and rely on an undeclared RBW_MASTER_PASSWORD environment variable and an /etc systemd file. Before using/installing: (1) verify the rbw binary and other tools (pinentry, jq, curl) are from trusted sources; (2) prefer safer non-interactive patterns if possible (systemd LoadCredential=, OS keyring, hardware token, or ephemeral service accounts) instead of plaintext files; (3) if you must use the provided pattern, restrict the credential file to root:root 600 and minimize who can read/modify systemd unit files; (4) confirm you trust the skill source (homepage unknown) and test in an isolated environment first; (5) consider editing the SKILL.md or your deployment to declare RBW_MASTER_PASSWORD explicitly and to document audit/trust controls. If you need, ask for a version that uses a recommended secure alternative (systemd LoadCredential or an external secret provider) instead of plaintext credentials.
功能分析
Type: OpenClaw Skill Name: rbw Version: 1.0.0 The skill bundle is designed to interact with the `rbw` CLI for Bitwarden/Vaultwarden. While its primary purpose is legitimate, the `SKILL.md` documentation provides explicit instructions for a non-interactive authentication method that involves storing the master password in plaintext within `/etc/systemd/rbw-credentials.conf` and using a custom `pinentry` script. Although the documentation includes a 'Security note' warning about this trade-off, instructing an AI agent to implement such a configuration constitutes a significant security risk, making the skill suspicious due to promoting a high-risk vulnerability.
能力评估
Purpose & Capability
The skill's name/description (non-interactive rbw usage) aligns with the SKILL.md content: commands, get/list/add, and systemd/script integration are all relevant to the stated purpose.
Instruction Scope
The runtime instructions tell the operator/agent to create a pinentry wrapper that reads RBW_MASTER_PASSWORD and to store the master password in /etc/systemd/rbw-credentials.conf (plaintext), and to configure systemd EnvironmentFile. The SKILL.md therefore instructs reading/writing system-level files and using an environment variable not declared in the skill metadata. These actions go beyond simply invoking rbw and involve system-wide sensitive state.
Install Mechanism
This is instruction-only (no install spec, no binaries shipped). That minimizes install-time risk because nothing is downloaded or written by an installer, but it assumes rbw/pinentry/jq/curl are available on the host.
Credentials
The SKILL.md relies on the RBW_MASTER_PASSWORD environment variable and on an EnvironmentFile under /etc/systemd, but the skill metadata declares no required env vars or credentials. Requiring a master password (and storing it as plaintext) is functionally consistent with non-interactive unlocking but the metadata mismatch and the need for a sensitive secret stored at root-level are disproportionate without explicit declaration and justification.
Persistence & Privilege
The skill does not request always:true and does not self-install, but its recommended pattern requires creating system files under /etc and adjusting systemd service EnvironmentFile entries (requires root). That means installation/run will need elevated privileges and will persist a sensitive secret on disk unless the user chooses alternative approaches.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install rbw
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /rbw 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the rbw skill (v1.0.0) - Provides commands for unlocking, listing, retrieving, syncing, and adding Bitwarden/Vaultwarden items using the rbw CLI - Includes detailed usage patterns for interactive and non-interactive/systemd environments, with secure authentication examples - Documents folder and field access, custom field handling, and script integration practices - Offers troubleshooting steps, error handling guidance, and best practices for secure automation
元数据
Slug rbw
版本 1.0.0
许可证
累计安装 2
当前安装数 2
历史版本数 1
常见问题

Securely interact with Bitwarden/Vaultwarden vaults using rbw CLI. Use when retrieving credentials, managing vault items, or integrating secrets into scripts/systemd services. Handles authentication, field access, and non-interactive operation patterns. 是什么?

Securely interact with Bitwarden/Vaultwarden vaults using rbw CLI. Use when retrieving credentials, managing vault items, or integrating secrets into scripts... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 510 次。

如何安装 Securely interact with Bitwarden/Vaultwarden vaults using rbw CLI. Use when retrieving credentials, managing vault items, or integrating secrets into scripts/systemd services. Handles authentication, field access, and non-interactive operation patterns.?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install rbw」即可一键安装,无需额外配置。

Securely interact with Bitwarden/Vaultwarden vaults using rbw CLI. Use when retrieving credentials, managing vault items, or integrating secrets into scripts/systemd services. Handles authentication, field access, and non-interactive operation patterns. 是免费的吗?

是的,Securely interact with Bitwarden/Vaultwarden vaults using rbw CLI. Use when retrieving credentials, managing vault items, or integrating secrets into scripts/systemd services. Handles authentication, field access, and non-interactive operation patterns. 完全免费(开源免费),可自由下载、安装和使用。

Securely interact with Bitwarden/Vaultwarden vaults using rbw CLI. Use when retrieving credentials, managing vault items, or integrating secrets into scripts/systemd services. Handles authentication, field access, and non-interactive operation patterns. 支持哪些平台?

Securely interact with Bitwarden/Vaultwarden vaults using rbw CLI. Use when retrieving credentials, managing vault items, or integrating secrets into scripts/systemd services. Handles authentication, field access, and non-interactive operation patterns. 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Securely interact with Bitwarden/Vaultwarden vaults using rbw CLI. Use when retrieving credentials, managing vault items, or integrating secrets into scripts/systemd services. Handles authentication, field access, and non-interactive operation patterns.?

由 Denis Pisarev(@tripleight)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论