bw-cli
Enables interaction with Bitwarden password manager via CLI for secure password management and vault operations.
Install this skill
Security score
The bw-cli skill was audited on Feb 15, 2026 and we found 28 security issues across 3 threat categories, including 1 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Access to hidden dotfiles in home directory
| 398 | mkdir -p ~/.openclaw/workspace |
Access to hidden dotfiles in home directory
| 399 | echo "BW_PASSWORD=your_master_password" > ~/.openclaw/workspace/.secrets |
Access to hidden dotfiles in home directory
| 400 | chmod 600 ~/.openclaw/workspace/.secrets |
Access to hidden dotfiles in home directory
| 403 | echo ".secrets" >> ~/.openclaw/workspace/.gitignore |
Access to hidden dotfiles in home directory
| 406 | echo 'source ~/.openclaw/workspace/.secrets 2>/dev/null' >> ~/.bashrc |
Access to hidden dotfiles in home directory
| 408 | echo 'source ~/.openclaw/workspace/.secrets 2>/dev/null' >> ~/.zshrc |
Access to hidden dotfiles in home directory
| 421 | - Auto-sourcing happens on new shell sessions; run `source ~/.openclaw/workspace/.secrets` for current session |
Access to hidden dotfiles in home directory
| 429 | echo "BW_CLIENTID=user.xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" >> ~/.openclaw/workspace/.secrets |
Access to hidden dotfiles in home directory
| 430 | echo "BW_CLIENTSECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" >> ~/.openclaw/workspace/.secrets |
Access to hidden dotfiles in home directory
| 431 | chmod 600 ~/.openclaw/workspace/.secrets |
Access to hidden dotfiles in home directory
| 451 | echo "[email protected]" >> ~/.openclaw/workspace/.secrets |
Access to hidden dotfiles in home directory
| 457 | set -a && source ~/.openclaw/workspace/.secrets && set +a && bw login "$BW_EMAIL" "$BW_PASSWORD" |
Access to hidden dotfiles in home directory
| 467 | set -a && source ~/.openclaw/workspace/.secrets && set +a |
Access to hidden dotfiles in home directory
| 528 | 6. **Auto-source**: Add to ~/.bashrc or ~/.zshrc for persistent env vars |
Prompting for API key/token input
| 535 | | "Bot detected" | Use `--apikey` or provide `client_secret` | |
External URL reference
| 7 | docs: https://bitwarden.com/help/cli/ |
External URL reference
| 8 | docs-md: https://bitwarden.com/help/cli.md |
External URL reference
| 9 | api-key-docs: https://bitwarden.com/help/personal-api-key/ |
External URL reference
| 16 | **Official documentation:** https://bitwarden.com/help/cli/ |
External URL reference
| 17 | **Markdown version (for agents):** https://bitwarden.com/help/cli.md |
External URL reference
| 25 | # https://bitwarden.com/download/?app=cli |
External URL reference
| 83 | bw config server https://vault.example.com |
External URL reference
| 84 | bw config server https://vault.bitwarden.eu # EU cloud |
External URL reference
| 127 | bw list items --url https://example.com |
External URL reference
| 483 | **Get your API key:** https://bitwarden.com/help/personal-api-key/ |
External URL reference
| 543 | - HTML documentation: https://bitwarden.com/help/cli/ |
External URL reference
| 544 | - Markdown (fetchable): https://bitwarden.com/help/cli.md |
External URL reference
| 545 | - Personal API Key: https://bitwarden.com/help/personal-api-key/ |