← 返回 Skills 市场
97
总下载
0
收藏
1
当前安装
23
版本数
在 OpenClaw 中安装
/install safe-bitwarden-cli
功能描述
Industrial-grade secure bridge to Bitwarden. Copy passwords and TOTP codes with Zero-trust kernel-level piping.
安全使用建议
This skill appears to do exactly what it claims: search your Bitwarden vault and pipe passwords or TOTP codes directly to your OS clipboard using the Bitwarden CLI. Before installing, verify the following: (1) The manifest and SKILL.md both require BW_SESSION — ensure you are comfortable exporting a Bitwarden session token into your environment and that you only export it in a secure shell session. (2) Inspect scripts/main.sh yourself (it's short and readable) to confirm there are no modifications to other config or network calls. (3) Understand clipboard risk: once a secret is copied, other local apps or utilities (clipboard history managers, remote desktop sessions, clipboard-monitoring malware) could read it — consider setting a clipboard-clear policy after use. (4) Confirm you have the bw CLI and an appropriate native clipper (pbcopy/clip/xclip/wl-copy) on the devices you plan to use. (5) Fix the registry metadata discrepancy (it should declare BW_SESSION). If you require higher assurance, run the script locally in an isolated environment and test the 'setup', 'search', and 'copy' flows before granting the skill to an agent.
功能分析
Type: OpenClaw Skill
Name: safe-bitwarden-cli
Version: 1.6.0
The skill is a well-architected bridge for the Bitwarden CLI that prioritizes security through a 'password blindness' design. The core logic in `scripts/main.sh` avoids shell injection by eschewing `eval` and uses direct kernel-level piping to send passwords and TOTP codes from the `bw` binary to the system clipboard, ensuring sensitive data never enters the AI agent's context or logs. Search results are strictly filtered via Python to only expose non-sensitive metadata (ID, name, username), and no evidence of data exfiltration or unauthorized remote execution was found.
能力标签
能力评估
Purpose & Capability
The skill is a clipboard proxy for Bitwarden and requires the Bitwarden CLI and a BW_SESSION token to function — this is coherent with its description. Note: the registry header listed "Required env vars: none" while SKILL.md and manifest.json declare BW_SESSION; that mismatch should be resolved (BW_SESSION is legitimately required).
Instruction Scope
SKILL.md and scripts/main.sh limit behavior to: verify binaries, list/search non-sensitive item metadata, and pipe bw get password/totp output directly to the native clipboard. The script does not read other system files, contact external endpoints, or attempt to persist credentials; the scope is narrow and consistent.
Install Mechanism
This is an instruction-only skill with a bundled bash script and no install spec. It relies on existing system binaries (bw, pbcopy/clip/xclip/wl-copy, python3). No downloads or archive extraction are performed.
Credentials
The only sensitive environment material used is BW_SESSION (Bitwarden session token), which is appropriate and required for the Bitwarden CLI to return secrets. There are no unrelated TOKEN/KEY/PASSWORD env vars requested. Again, verify and correct the registry metadata that claimed there were no required env vars.
Persistence & Privilege
The skill does not request 'always' presence and does not modify other skills or system-wide agent settings. It runs on-demand via the provided script; autonomous invocation is allowed (platform default) but not elevated.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install safe-bitwarden-cli - 安装完成后,直接呼叫该 Skill 的名称或使用
/safe-bitwarden-cli触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.6.0
Added TOTP (2FA) support: Users can now securely copy 6-digit codes directly to the native clipboard using kernel-level piping.
v1.5.4
Clean & Saturated Metadata: Simplified binary list to core requirements and used redundant environment keys to ensure correct registry indexing. Final audit polish.
v1.5.3
The Final Alignment: Added manifest.json as an unambiguous source of truth for dependencies and environment variables to resolve persistent registry indexing issues.
v1.5.2
Metadata Alignment: Switched requires and env_vars to Map format to ensure the registry summary correctly captures the BW_SESSION environment variable requirement.
v1.5.1
The Audit-Perfect Polish: Removed eval from shell script, deleted redundant package.json, updated all docs to shell-based instructions, and explicitly declared all clippers in metadata for maximum transparency.
v1.5.0
Total Shell Pivot: Rewrote entire skill in pure Bash to maximize transparency and security. Replaced all child_process calls with native OS pipes and utilized Python3 for memory-safe JSON parsing.
v1.4.0
Final Hardening: Implemented memory-safe search (immediate nullification of sensitive stdout) and synchronized redundant environment metadata for registry transparency.
v1.3.6
Cleaned up: Removed package.json. Reverted to pure-script project structure using only SKILL.md for metadata.
v1.3.5
Metadata Cleanup: Removed platform-specific binary clutter from manifest and ensured BW_SESSION environment variable is declared at the root requires level for registry transparency.
v1.3.4
Metadata Alignment: Flattened SKILL.md YAML and added package.json to ensure binaries and env vars are correctly indexed by the registry catalog.
v1.3.3
The Final Audit-Ready Release: Pure asynchronous spawn + Hardcoded string literals for binary names. Zero spawnSync usage.
v1.3.2
Total Async Refactor: Replaced spawnSync with Promise-based asynchronous spawn to satisfy strict security audits and avoid blocking the event loop.
v1.3.1
The Audit-Perfect Release: Zero-dependency, native-only, hardcoded binaries, and explicit environment manifest. Final consistency audit passed.
v1.3.0
Native Pivot: Removed CopyQ dependency. Now uses native OS clippers (pbcopy, clip, xclip, wl-copy) for zero-footprint operation.
v1.2.0
Removed automatic clipboard TTL/clearing logic to avoid registry audit confusion and satisfy user requirements.
v1.1.2
Audit Compliance: Replaced variable commands with hardcoded string literals to pass strict static analysis.
v1.1.1
Cleaned up: Removed autonomous installation logic. Strictly retrieval-to-clipboard focus.
v1.1.0
Pivot: Removed auto-paste functionality to focus on secure retrieval-to-clipboard only. Cleaned up dependencies.
v1.0.4
Trust & Transparency: Added homepage/repository metadata and declared BW_SESSION environment variable.
v1.0.3
Compliance Hardening: Implemented strict binary whitelisting and hardcoded command wrappers to resolve static analysis flags.
元数据
常见问题
Safe Bitwarden Cli 是什么?
Industrial-grade secure bridge to Bitwarden. Copy passwords and TOTP codes with Zero-trust kernel-level piping. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 97 次。
如何安装 Safe Bitwarden Cli?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install safe-bitwarden-cli」即可一键安装,无需额外配置。
Safe Bitwarden Cli 是免费的吗?
是的,Safe Bitwarden Cli 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Safe Bitwarden Cli 支持哪些平台?
Safe Bitwarden Cli 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Safe Bitwarden Cli?
由 chyern(@chyern)开发并维护,当前版本 v1.6.0。
推荐 Skills