bitwarden-secrets

What This Skill Does

The Bitwarden Secrets skill provides a secure and controlled interface for interacting with your Bitwarden or Vaultwarden password manager directly from the OpenClaw AI. It leverages the official bw CLI (Bitwarden Command Line Interface) to perform operations such as synchronizing your vault, searching for specific secrets, retrieving item metadata, and, under strictly controlled conditions, revealing individual secret values. The primary design philosophy of this skill is safety-by-default, ensuring that sensitive secret values are not exposed in chat logs or agent outputs unless explicitly requested and confirmed by the user through a multi-step process. This minimizes the risk of accidental data leakage when managing your credentials.

Installation

To install the Bitwarden Secrets skill, you need to have the clawhub tool installed and configured. Ensure your environment meets the prerequisites for the bw CLI: it must be installed, the server URL configured (bw config server <url>), and you must be logged in (bw login --apikey) and have an active session (bw unlock).

Once the prerequisites are met, run the following command:

clawhub install openclaw/skills/skills/clawbow/bitwarden-secrets

After installation, it is highly recommended to run the bootstrap helper script to load runtime variables, refresh your session, and synchronize your vault in one go. You can do this by navigating to the skill's directory (cd skills/bitwarden-secrets) and sourcing the script (source scripts/vw_bootstrap.sh), or by using the vw-openclaw-ready command after a shell reload.

Use Cases

This skill is designed for a variety of secure credential management tasks:

• Vault Synchronization: Keep your local vault up-to-date with your Bitwarden/Vaultwarden server by running a sync operation.
• Item Search: Quickly locate specific passwords, notes, or other items within your vault using keyword searches.
• Metadata Retrieval: Obtain details about your vault items, such as item names, URIs, and other non-sensitive information.
• Secure Secret Revelation: With explicit user consent and by enabling a temporary security policy, you can reveal specific fields (like passwords) for a single item.
• Automation Integration: Integrate credential retrieval into automated workflows, ensuring secrets are handled safely.

Example Prompts

1. "Sync my Bitwarden vault."
2. "Search Bitwarden for my Google login details."
3. "Get the item ID for my GitHub SSH key."

Tips & Limitations

• Safety First: Always remember that secret values are redacted by default. Revealing a secret requires explicit confirmation using export VW_REVEAL_ALLOW=1 and --confirm YES_REVEAL, followed by unset VW_REVEAL_ALLOW after the operation. This process is designed to prevent accidental exposure.
• Minimum Information: The skill prioritizes retrieving only the necessary information. For sensitive data, it prefers using item IDs and labels rather than dumping entire entries.
• No Bulk Dumps: This skill is not designed for bulk export or dumping of all secrets. It focuses on targeted retrieval and management.
• Prerequisites are Crucial: Ensure the bw CLI is correctly installed, configured, logged in, and unlocked for the skill to function. The BW_SESSION environment variable must be available.
• Error Handling: While the skill aims for robustness, issues with bw CLI configuration or network connectivity can lead to errors. Refer to bw CLI documentation for troubleshooting.
• Temporary Reveal Policy: The VW_REVEAL_ALLOW environment variable and the --confirm YES_REVEAL flag are critical for revealing secrets. Remember to unset VW_REVEAL_ALLOW immediately after the operation to revert to the default safe state.