by 安全扫描
OpenClaw
可疑
high confidenceThe scripts and SKILL.md clearly require Bitwarden CLI (bw), jq, and several sensitive environment variables and specific filesystem paths, but the registry metadata declares no requirements — the mismatch and some filesystem/logging choices warrant caution before installing.
评估建议
This skill appears to implement the advertised Vaultwarden wrappers, but the registry metadata and SKILL.md disagree: the scripts require the Bitwarden CLI (bw) and jq plus sensitive env vars (BW_CLIENTID, BW_CLIENTSECRET, BW_PASSWORD) even though the registry lists none. Before installing: 1) verify and accept installing/using bw CLI (SKILL.md pins an older version 2023.10.0) and install jq; 2) do not supply your real secrets until you confirm the server URL and have reviewed the scripts — they...详细分析 ▾
⚠ 用途与能力
The skill claims to manage Vaultwarden secrets and the scripts do that, but the package metadata declares no required binaries or environment variables while SKILL.md and the scripts require the Bitwarden CLI (bw), jq, and BW_CLIENTID/BW_CLIENTSECRET/BW_PASSWORD plus optional VW_* env vars. The metadata omission is an incoherence — a user installing this skill would legitimately need bw and jq and the listed env vars.
ℹ 指令范围
Runtime instructions and scripts are narrowly scoped to call the bw CLI and jq and to read/write session, cache, and log files under $VW_SESSION_DIR and VW_LOG_FILE. The scripts do not contain obvious network calls beyond bw (which communicates with the configured Vaultwarden server). However SKILL.md recommends a specific server URL (https://vaultwarden.mbojer.dk) as the example; ensure you configure your intended server. The scripts also write logs (names/IDs/operation outcomes) and session tokens to disk, which is expected for this purpose but should be reviewed for exposure risk.
⚠ 安装机制
This is instruction-only (no install spec), but SKILL.md instructs users to globally install a pinned bw CLI via npm (npm install -g @bitwarden/cli@2023.10.0). The scripts also require jq, but SKILL.md/registry metadata do not explicitly declare jq as a prerequisite. The missing dependency declarations and requirement to install a specific (older) CLI version are mismatches that users should validate before following.
⚠ 凭证需求
The skill requires sensitive env vars (BW_CLIENTID, BW_CLIENTSECRET, BW_PASSWORD) which are proportionate to logging in/unlocking Vaultwarden, but the registry metadata lists no required env vars — an inconsistency. Defaults for session and log paths (/run/openclaw/vw, /var/log/openclaw/vaultwarden.log) may require elevated permissions and could expose metadata if the log file is not properly protected. The number of env vars is reasonable for the stated purpose but must be handled securely.
✓ 持久化与权限
The skill is user-invocable, not always-enabled, and allows normal autonomous invocation. It stores session tokens and caches in its own session directory and does not modify other skills or global agent configuration. No excessive persistence privileges are requested.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/4/4
Remove SSH key scripts (bw 2023.10.0 cipher bug with multiline content). Personal vault fallback working. Session persistence and caching intact.
● Pending
安装命令 点击复制
官方npx clawhub@latest install vaultwarden-skill
镜像加速npx clawhub@latest install vaultwarden-skill --registry https://cn.clawhub-mirror.com
技能文档
Manage secrets in Vaultwarden via wrapper scripts. All scripts handle session state, caching, logging, and error handling — do not call bw directly.
CLI Version Requirement — CRITICAL
Bitwarden CLI 2024.x+ breaks Vaultwarden authentication with User Decryption Options are required.
# Install the required version
npm install -g @bitwarden/cli@2023.10.0# Verify
bw --version # must show 2023.10.0
vw-unlock.sh will hard-exit if an incompatible version is detected.
Setup (run once)
bw config server https://vaultwarden.mbojer.dk
Required Environment Variables
Set in OpenClaw config, never stored in vault:
| Variable | Purpose |
|---|---|
BW_CLIENTID | API key client ID |
BW_CLIENTSECRET | API key client secret |
BW_PASSWORD | Master password for unlock |
VW_COLLECTION_NAME | Collection name to scope to (default: openclaw) — org accounts only |
VW_COLLECTION_ID | Hardcode collection ID — use if name lookup fails (org accounts only) |
VW_SESSION_DIR | Session token dir (default: /run/openclaw/vw) |
VW_LOG_FILE | Audit log path (default: /var/log/openclaw/vaultwarden.log) |
VW_CACHE_TTL | Read cache TTL in seconds (default: 60, set 0 to disable) |
Collection Scoping — Personal vs Org Vaults
Personal Vaultwarden accounts cannot access collections via API key — this is a Bitwarden limitation, not a bug in this skill. bw list collections returns [] on personal vaults.
The skill handles this automatically: if no collection is found, all operations fall back to unscoped (full vault) queries. For org accounts, set VW_COLLECTION_NAME or VW_COLLECTION_ID to scope operations to a specific collection.
Session Management
vw-unlock.sh # authenticate and unlock — run before any vault operation
vw-lock.sh # lock vault and clear all caches
vw-status.sh # check connection and session state
vw-sync.sh # sync local cache with server — run if vault modified externally
Session token stored in $VW_SESSION_DIR/.bw_session (chmod 600).
Collection ID cached in $VW_SESSION_DIR/.collection_id — invalidated on lock and sync.
Read cache stored in $VW_SESSION_DIR/cache/ — TTL controlled by VW_CACHE_TTL.
Read Operations
All reads are collection-scoped to $VW_COLLECTION_NAME. Frequently-read items are cached with a TTL to reduce API calls.
vw-list.sh [query] # list items in openclaw collection, optional search
vw-get.sh # full item JSON
vw-get-pass.sh # password only (collection-scoped, cached)
vw-get-user.sh # username only (collection-scoped, cached)
vw-get-field.sh # single custom field value
vw-get-totp.sh # current TOTP code (not cached — codes expire)
Write Operations
Write operations invalidate the read cache automatically.
echo | vw-create-login.sh # create login item (password via stdin)
echo | vw-create-note.sh # create secure note (content via stdin)
echo | vw-update.sh # update field: password|username|notes|custom:
vw-delete.sh # move to trash — requires both ID and name to match
vw-rotate-pass.sh [length] # generate new password and update atomically
Capture rotated password cleanly (status goes to stderr):
NEW_PASS=$(vw-rotate-pass.sh "MyService")
Rules
- Always run
vw-unlock.shbefore vault operations,vw-lock.shwhen done - Run
vw-sync.shbefore reads if vault was modified via web UI or another client - Always use item ID (not name) for
vw-update.shandvw-delete.sh vw-delete.shmoves items to trash — not permanent. Empty trash via web UI if needed- All secret values must be passed via stdin — never as CLI arguments
- Never log or output raw secret values — only names, IDs, and operation results
- If any script exits non-zero, stop and report — do not retry silently
- All operations are scoped to
$VW_COLLECTION_NAMEwhen a collection is available. Personal vaults (no org) fallback to full vault — no collection required
Error Reference
| Error | Fix |
|---|---|
bw CLI X.X.X is incompatible | npm install -g @bitwarden/cli@2023.10.0 |
User Decryption Options are required | Same as above — wrong CLI version |
no active session | Run vw-unlock.sh |
session invalid or expired | Run vw-unlock.sh |
collection not found | Check VW_COLLECTION_NAME, run vw-sync.sh |
name mismatch | Verify item ID with vw-get.sh before deleting |
custom field does not exist | Check field name with vw-get.sh |
server not configured | Run bw config server https://vaultwarden.mbojer.dk |
API key login failed | Check BW_CLIENTID and BW_CLIENTSECRET |
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制