Twhidden Bitwarden
Author: Travis Whidden · v1.0.5
Total downloads: 768
Favorites: 2
Current installs: 2
Versions: 5
Install in OpenClaw
/install twhidden-bitwarden
Description
Bitwarden & Vaultwarden password manager integration. Use when storing, retrieving, generating, or managing passwords and credentials. Wraps the Bitwarden CL...
Security usage recommendations
This skill appears to do what it says: wrap the Bitwarden CLI and manage a Bitwarden/Vaultwarden account. Before installing, consider the following:
1) You will need to provide your master password (BW_MASTER_PASSWORD) — this is necessary but highly sensitive; prefer a dedicated account or minimize exposure time.
2) The script can read a credentials file (CREDS_FILE) in your OpenClaw workspace; ensure that file is protected (chmod 600) and not committed to source control.
3) The script writes a session token to /tmp/.bw_session; the script sets restrictive permissions, but you should verify your environment's /tmp policies.
4) If you want human approval before the agent stores or retrieves passwords, limit autonomous invocation via your OpenClaw tool policy.
5) If you have concerns about the packaged code, review bw.sh yourself (it's included) or obtain the skill from a trusted origin (verify the GitHub/homepage and commit history).
Functional analysis
Type: OpenClaw Skill
Name: twhidden-bitwarden
Version: 1.0.5
The OpenClaw Bitwarden skill is benign. It provides a wrapper for the Bitwarden CLI, enabling password management functionalities like login, registration, and CRUD operations. The `bw.sh` script explicitly implements safe credential loading to prevent shell injection from configuration files, uses `chmod 600` for session tokens, and clearly documents all external communication with the user-configured Bitwarden server. While the `do_register` function in `bw.sh` involves complex cryptographic operations implemented in bash using `openssl`, it is for the stated purpose of account registration and shows no signs of malicious intent or unauthorized data exfiltration. No prompt injection attempts against the agent were found in `SKILL.md` or `README.md`.
Capability assessment
Purpose & Capability
Name/description (Bitwarden/Vaultwarden CLI wrapper) match the script and SKILL.md. The required binaries (bw, openssl, curl) and required env vars (BW_SERVER, BW_EMAIL, BW_MASTER_PASSWORD) are appropriate for a CLI wrapper that logs in, registers accounts, and talks to a Bitwarden-compatible server.
Instruction Scope
The SKILL.md and bw.sh stay within the stated purpose: they log in, generate passwords, create/list/edit items, and (optionally) register accounts via the configured BW_SERVER. Minor implementation notes: the script parses JSON with grep/regex (fragile but expected for a bash-only tool) and implements registration using openssl and curl as described. The instructions and script reference CREDS_FILE and OPENCLAW_WORKSPACE as optional configuration sources; these optional env vars are reasonable but are not included in the top-level requires.env declaration in the registry metadata (see environment_proportionality).
Install Mechanism
This is instruction-only plus a bundled bash script (bw.sh). There is no remote download/install step in the skill metadata that would pull and execute arbitrary code at install time, so installation mechanism risk is low. The script does require the user to install the Bitwarden CLI separately (npm install -g @bitwarden/cli).
Credentials
The skill requires BW_SERVER, BW_EMAIL, and BW_MASTER_PASSWORD — these are highly sensitive but proportionate for an automated login to a Bitwarden/Vaultwarden instance. The script also reads optional CREDS_FILE and OPENCLAW_WORKSPACE environment variables (to locate a credentials file); those optional vars are not listed in the registry's top-level requires.env. The skill writes a session token to /tmp/.bw_session (with chmod 600), which is expected behavior but worth noting because it creates a local artifact containing an authentication token.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or system-wide agent settings. It caches a session token in /tmp/.bw_session and removes it on lock/logout, which is standard behavior for a CLI wrapper. Autonomous invocation is allowed by default (platform behavior) — consider policy if you want manual approval for password operations.
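How to use
- Make sure OpenClaw is installed (local or Docker deployment).
- Enter the install command in the chat box: `/install twhidden-bitwarden`
- Once installation completes, call the Skill by name or use `/twhidden-bitwarden` to trigger it.
- Provide the required inputs according to the Skill's parameter description to get structured output.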
Version history
v1.0.5
- Skill name updated from "bitwarden-vaultwarden" to "Bitwarden / Vaultwarden" for clarity.
- No functional changes; documentation and metadata improvements only.
- Updated SKILL.md description and presentation to match new naming.
- Clarified documentation language for consistency and readability.
v1.0.4
Rewrote registration to pure bash + openssl. Removed Python dependency entirely.
v1.0.2
Improved discoverability: Updated metadata to prominently mention Vaultwarden support. Skill now appears in searches for both 'bitwarden' and 'vaultwarden'. No functional changes.
v1.0.1
Security improvements: Safe credential loading (replaced 'source' with KEY=VALUE parser), declared required binaries (bw, python3). Addresses all ClawHub security scan concerns.
v1.0.0
Initial release
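FAQ
What is Twhidden Bitwarden?
Bitwarden & Vaultwarden password manager integration. Use when storing, retrieving, generating, or managing passwords and credentials. Wraps the Bitwarden CL... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 768 cumulative downloads to date.
How do I install Twhidden Bitwarden?
Run the command "/install twhidden-bitwarden" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.
Is Twhidden Bitwarden free?
Yes, Twhidden Bitwarden is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Twhidden Bitwarden support?
Twhidden Bitwarden is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Twhidden Bitwarden?
It is developed and maintained by Travis Whidden (@twhidden); the current version is v1.0.5.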