openclaw-bitwardenSet up and use Bitwarden CLI (bw). Use when installing the CLI, unlocking vault, or reading/generating secrets via bw. Handles session management with BW_SESSION.
Install via ClawdBot CLI:
clawdbot install JimiHFord/openclaw-bitwardenManage passwords and secrets via the Bitwarden CLI.
references/get-started.md (install + login + unlock flow)references/cli-examples.md (real bw examples)bw --version.bw status (returns JSON with status field).bw login (stores API key, prompts for master password).bw commands.bw unlock (outputs session key).export BW_SESSION="" .bw sync then bw list items --search test.The Bitwarden CLI requires the BW_SESSION environment variable for authenticated commands. To persist the session across commands, always run bw inside a dedicated tmux session.
Example (see tmux skill for socket conventions):
SOCKET_DIR="${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/openclaw-bw.sock"
SESSION="bw-auth-$(date +%Y%m%d-%H%M%S)"
tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
# Unlock and capture session key
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- 'export BW_SESSION=$(bw unlock --raw)' Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- 'bw sync' Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- 'bw list items --search github' Enter
# Capture output
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
# Cleanup when done
tmux -S "$SOCKET" kill-session -t "$SESSION"| Command | Description |
|---------|-------------|
| bw status | Check login/lock status (JSON) |
| bw login | Login with email/password or API key |
| bw unlock | Unlock vault, returns session key |
| bw lock | Lock vault |
| bw sync | Sync vault with server |
| bw list items | List all items |
| bw list items --search | Search items |
| bw get item | Get specific item (JSON) |
| bw get password | Get just the password |
| bw get username | Get just the username |
| bw get totp | Get TOTP code |
| bw generate -ulns --length 32 | Generate password |
bw get password over parsing full item JSON when only password needed.bw unlock inside tmux.bw commands outside tmux; the session won't persist.bw lock.This skill includes a Docker Compose setup for local testing with Vaultwarden (self-hosted Bitwarden-compatible server).
# Install mkcert and generate local certs (one-time)
brew install mkcert
mkcert -install
cd /path/to/openclaw-bitwarden
mkdir -p certs && cd certs
mkcert localhost 127.0.0.1 ::1
cd ..
# Start Vaultwarden + Caddy
docker compose up -d
# Configure bw CLI to use local server
bw config server https://localhost:8443
# Create a test account via web UI at https://localhost:8443
# Or run the setup script:
./scripts/setup-test-account.sh
# Test the skill workflow
./scripts/test-skill-workflow.shtest-admin-token-12345)The bw CLI requires the mkcert CA to be trusted. Export before running bw commands:
export NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem"Or add to your shell profile for persistence.
docker compose down -v # Remove container and dataGenerated Mar 1, 2026
Automate retrieval of database passwords and API keys during CI/CD pipelines. The skill ensures secure session handling via tmux, preventing exposure of secrets in logs while syncing with Bitwarden vaults for up-to-date credentials.
Audit access logs and password changes by listing items and tracking modifications in a regulated environment. The tmux-based session management maintains audit trails without compromising security, supporting compliance with standards like PCI-DSS.
Securely manage patient portal credentials and encryption keys for EHR systems. The skill's guardrails prevent secret leakage, while TOTP generation and item search streamline access for authorized healthcare staff during emergencies.
Handle payment gateway API keys and customer data encryption secrets for online stores. By using bw generate for secure passwords and syncing vaults, it reduces fraud risk and ensures transaction integrity across distributed teams.
Manage student and faculty login credentials for LMS platforms, with automated rotation via password generation. The skill's testing setup with Vaultwarden allows safe sandboxing for training without exposing production data.
Offer Bitwarden CLI integration as a managed service for enterprises, charging per user or API call. Revenue comes from monthly subscriptions that include support, custom workflows, and compliance reporting for secret management.
Provide implementation and training services to deploy this skill in client environments, such as setting up Vaultwarden for testing or optimizing tmux sessions. Revenue is generated through project-based contracts and hourly rates.
Distribute the skill as open-source with premium features like advanced analytics or multi-vault support. Monetize through paid upgrades, enterprise licenses, or donations from developers using it for personal projects.
💬 Integration Tip
Always use tmux sessions to persist BW_SESSION across commands, and export NODE_EXTRA_CA_CERTS for local testing with mkcert to avoid SSL errors.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.