← Back to Skills Marketplace

Bitwarden Bw

Name: Bitwarden Bw
Author: yorha59

by zu · GitHub ↗ · v1.0.0

linuxmacos ✓ Security Clean

459

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install bitwarden-bw

Description

Access and manage Bitwarden passwords securely using the official bw CLI.

README (SKILL.md)

Bitwarden Skill

Interact with Bitwarden vaults using the official bw CLI.

Prerequisites

bw CLI installed: npm install -g @bitwarden/cli
BW_SESSION env var set (saved in ~/.zshrc)

Usage

Get a password

bw get password "site_name"

Get username

bw get username "site_name"

Get full item (JSON)

bw get item "site_name" --pretty

Search

bw list items --search "query" | python3 -c "import json,sys; [print(f'{i[\"name\"]} ({i.get(\"login\",{}).get(\"username\",\"\")})')for i in json.load(sys.stdin)]"

Sync vault

bw sync

Always sync before getting details to ensure accuracy.

TOTP code

bw get totp "site_name"

Notes

Session key is in BW_SESSION env var (persisted in ~/.zshrc)
If session expires, user must re-login interactively (bw login requires OTP)
bw unlock can refresh an expired session without full re-login

Usage Guidance

This skill appears to do what it says: it runs the official Bitwarden CLI (bw) to read and manage vault items. Before installing, confirm you have bw installed and that you understand the implication: the agent will need access to your BW_SESSION (a live Bitwarden session token) to operate and any commands it runs can read your vault entries. Ask the publisher to update metadata to declare BW_SESSION as a required credential so you can review it explicitly. Avoid storing BW_SESSION permanently in plain text (e.g., ~/.zshrc) if possible — prefer ephemeral sessions, manually run bw login/unlock when needed, or use short-lived session tokens. Only enable this skill if you trust the agent to handle sensitive data, and consider limiting autonomous invocation or testing in a restricted account/vault first.

Capability Analysis

Type: OpenClaw Skill Name: bitwarden-bw Version: 1.0.0 The skill bundle is benign. It provides instructions for an AI agent to interact with the legitimate Bitwarden CLI (`bw`) for password management. All commands are standard `bw` operations, and there is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent. The reliance on the `BW_SESSION` environment variable is expected for non-interactive Bitwarden CLI usage. Potential shell injection risks from unsanitized user input are vulnerabilities in the agent's execution model, not malicious intent within the skill definition itself.

Capability Assessment

✓ Purpose & Capability

Name/description match the required binary (bw). All primary actions in SKILL.md are bw CLI commands; requiring the bw binary is appropriate and proportional.

⚠ Instruction Scope

The SKILL.md explicitly expects a BW_SESSION environment variable and suggests persisting it in ~/.zshrc, but requires.env lists no environment variables. Instructions reference running bw and piping output to a local python command — expected — but the undeclared use of BW_SESSION and guidance to store a session in a shell RC file is a scope/information handling inconsistency that should be clarified.

✓ Install Mechanism

Instruction-only skill; no install spec. The README/local guidance suggests installing the official CLI via npm (npm install -g @bitwarden/cli), which is a normal, low-risk recommendation (no arbitrary downloads or extraction).

ℹ Credentials

Access to a Bitwarden session (BW_SESSION) is proportionate to the skill's purpose. However, the session token is sensitive and the skill fails to declare it as a required env var. The SKILL.md also recommends persisting the session in ~/.zshrc, which can expose credentials if not handled carefully.

✓ Persistence & Privilege

always is false and the skill does not request system-wide changes or modify other skills' configs. Model invocation is allowed (the platform default); combined with access to secrets this increases risk but is expected for a password-management skill.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install bitwarden-bw
After installation, invoke the skill by name or use /bitwarden-bw
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

bitwarden-bw 1.0.0 initial release: - Access and manage Bitwarden passwords using the official bw CLI. - Supports viewing passwords, usernames, TOTP codes, and full item details. - Provides commands to search vault items and sync your vault. - Requires the bw CLI and BW_SESSION environment variable.

Metadata

Slug bitwarden-bw

Version 1.0.0

License —

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is Bitwarden Bw?

Access and manage Bitwarden passwords securely using the official bw CLI. It is an AI Agent Skill for Claude Code / OpenClaw, with 459 downloads so far.

How do I install Bitwarden Bw?

Run "/install bitwarden-bw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Bitwarden Bw free?

Yes, Bitwarden Bw is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Bitwarden Bw support?

Bitwarden Bw is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, macos).

Who created Bitwarden Bw?

It is built and maintained by zu (@yorha59); the current version is v1.0.0.

More Skills