Manage secrets via Bitwarden CLI (bw). Use when pulling secrets into a shell session, creating/updating Secure Notes from .env files, listing vault items, or...
Security Analysis
Medium confidence: This is a Bitwarden CLI helper that mostly does what it claims, but the runtime instructions and included functions perform unsafe operations (blind eval of vault notes, a helper that will upload all shell environment variables, and use of env vars not declared in metadata), so you should review and understand the risks before installing.
The name/description match the delivered artifacts: a Bitwarden CLI helper that requires bw and jq and provides shell functions. However, the SKILL.md and functions expect API-login environment variables (BW_CLIENTID, BW_CLIENTSECRET, BW_SESSION, BW_MASTER_PASSWORD) even though requires.env lists none — that mismatch should be justified.
The provided functions instruct the agent/user to source the script into shell startup files and then perform eval of remote data: `bwe()` performs `eval $(bw get item <name> | jq -r '.notes')` and `bwss()` uses eval on bw unlock output. `bwe_safe` reduces risk but still evals exported values (so command-substitution in values would execute). The `bwce` function collects all exported environment variables and uploads them into a Secure Note (possible silent exfiltration of unrelated secrets). These behaviors go beyond simple listing/loading and require careful trust of vault contents and the skill source.
Install options are standard: Homebrew formula (bitwarden-cli), snap, or npm. These are reasonable and expected for installing the bw binary. The SKILL.md also suggests installing the skill from an external repo (git clone or npx clawhub), so users should verify the repository source before cloning/sourcing code.
The skill metadata declares no required env vars, but the instructions explicitly ask you to export BW_CLIENTID and BW_CLIENTSECRET (API key login) and handle BW_MASTER_PASSWORD/BW_SESSION. Additionally, `bwce` will capture and upload all exported environment variables (including unrelated secrets such as cloud credentials) into Bitwarden — this is powerful and potentially dangerous. The number and sensitivity of environment interactions are disproportionate to a passive 'list/get' helper unless you intentionally use the creation helpers.
The SKILL.md recommends adding a source line to ~/.bashrc to persist the functions, which modifies user shell startup files (expected for shell helpers). The metadata sets always:false and declares no cross-skill config modifications, so there is no elevated platform privilege, but persisting the script into shell startup increases the impact of any unsafe function in the file.
Guidance
This skill implements useful Bitwarden shell helpers but includes risky behaviors you must accept knowingly: it blindly evals text fetched from your vault (so a malicious or compromised vault item could execute commands), and it includes a function (bwce) that captures and uploads all exported environment variables — which can leak unrelated secrets. Before installing: (1) review the included lib/bw-functions.sh source yourself (or only source a vetted copy), (2) prefer using bwe_safe and manually inspect notes before eval, (3) do not run bwce on machines with unrelated credentials, (4) use a machine account limited to a single collection for automated loads, (5) ensure the skill's repo/source is trustworthy before adding a 'source' line to your shell profile, and (6) ask the publisher to update the metadata to declare the BW_* env vars the instructions require. If you want a lower-risk setup, avoid automatic eval and instead fetch notes and manually export/parse trusted values.
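The lower-risk alternative described above, as an added example that is not part of the skill or its lib/bw-functions.sh: a loader that exports KEY=VALUE lines from a Secure Note as literal strings instead of passing the note through eval. The note text and the function name `load_env_from_note` are constructed for this example; the only real command referenced is the page's own `bw get item <name> | jq -r '.notes'`.

```shell
#!/bin/sh
# Added example, not part of the skill: load KEY=VALUE lines from a Secure
# Note without eval. Values are assigned as literal strings, so "$(cmd)",
# backticks or a trailing "; cmd" in a note line are stored as text and
# never executed.

# Constructed sample note text: two benign entries, one value carrying a
# command substitution, one bare command line, one "export" line, plus a
# comment and a blank line.
SAMPLE_NOTE='# service credentials
API_TOKEN=abc123

DB_URL=postgres://user:pw@host/db
EVIL=$(touch /tmp/pwned)
; touch /tmp/pwned2
export DEMO_X=1'

# Parse note text passed as $1. Exports only lines of the form NAME=value
# where NAME is a valid shell identifier; everything else is reported on
# stderr and skipped. Sets LOADED_COUNT to the number of variables exported.
load_env_from_note() {
  LOADED_COUNT=0
  # The here-doc below expands $1 exactly once; the result is not re-parsed,
  # so substitutions inside the note remain literal characters.
  while IFS= read -r line; do
    case "$line" in
      ''|'#'*) continue ;;                  # blank line or comment
      *=*) ;;                               # candidate assignment
      *) printf 'skipped: %s\n' "$line" >&2; continue ;;
    esac
    key=${line%%=*}
    value=${line#*=}
    case "$key" in
      ''|[0-9]*|*[!A-Za-z0-9_]*)            # not a bare identifier
        printf 'skipped: %s\n' "$line" >&2; continue ;;
    esac
    # "$key=$value" is one already-expanded word: export stores it as-is.
    export "$key=$value"
    LOADED_COUNT=$((LOADED_COUNT + 1))
  done <<EOF
$1
EOF
}

# With a real vault the note text would come from the page's own command:
#   load_env_from_note "$(bw get item "$name" | jq -r '.notes')"
load_env_from_note "$SAMPLE_NOTE"
echo "exported $LOADED_COUNT variables"
```

Running it exports API_TOKEN, DB_URL and EVIL (the last holding the literal text `$(touch /tmp/pwned)`), while the bare command and the `export` line are skipped and nothing is executed.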
Latest Release
v1.1.0
Extracted all functions to lib/bw-functions.sh — skill is now self-contained. Source one file, no dotfiles dependency.
Published by @stevengonsalvez on ClawHub