openclaw-bitwarden
Set up and use Bitwarden CLI (bw).
Installation
npx clawhub@latest install openclaw-bitwarden
View the full skill documentation and source below.
Documentation
Bitwarden CLI
Manage passwords and secrets via the Bitwarden CLI.
References
- references/get-started.md (install + login + unlock flow)
- references/cli-examples.md (real bw examples)
Workflow
- bw --version.
- bw status (returns JSON with status field).
- bw login (stores API key, prompts for master password).
- bw commands.
- bw unlock (outputs session key).
- export BW_SESSION="".
- bw sync then bw list items --search test.
REQUIRED tmux session
The Bitwarden CLI requires the BW_SESSION environment variable for authenticated commands. To persist the session across commands, always run bw inside a dedicated tmux session.
Example (see tmux skill for socket conventions):
SOCKET_DIR="${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/openclaw-bw.sock"
SESSION="bw-auth-$(date +%Y%m%d-%H%M%S)"
tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
# Unlock and capture session key
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- 'export BW_SESSION=$(bw unlock --raw)' Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- 'bw sync' Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- 'bw list items --search github' Enter
# Capture output
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
# Cleanup when done
tmux -S "$SOCKET" kill-session -t "$SESSION"
Common Commands
| Command | Description |
|---|---|
| bw status | Check login/lock status (JSON) |
| bw login | Login with email/password or API key |
| bw unlock | Unlock vault, returns session key |
| bw lock | Lock vault |
| bw sync | Sync vault with server |
| bw list items | List all items |
| bw list items --search | Search items |
| bw get item | Get specific item (JSON) |
| bw get password | Get just the password |
| bw get username | Get just the username |
| bw get totp | Get TOTP code |
| bw generate -ulns --length 32 | Generate password |
Guardrails
- Never paste secrets into logs, chat, or code.
- Always use tmux to maintain BW_SESSION across commands.
- Prefer bw get password over parsing full item JSON when only the password is needed.
- If a command returns "Vault is locked", re-run bw unlock inside tmux.
- Do not run authenticated bw commands outside tmux; the session won't persist.
- Lock vault when done: bw lock.
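The capture-pane step in the tmux example and the first guardrail interact: if bw unlock was run without --raw, the captured scrollback contains the session key. The following is an added example, not part of the skill's own scripts, that masks session keys in captured pane text; the function names and the sample key are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: mask Bitwarden session keys in captured tmux pane text.

# Reads pane text on stdin, writes it to stdout with session keys masked:
#   BW_SESSION="<key>" / BW_SESSION='<key>'  (export lines, incl. $env: form)
#   BW_SESSION=<key>                         (unquoted assignment)
#   --session <key>                          (per-command option)
# Command text such as BW_SESSION=$(bw unlock --raw) holds no key and is kept.
redact_bw_session() {
  sed -E \
    -e 's#(BW_SESSION=)"[^"]+"#\1"[REDACTED]"#g' \
    -e "s#(BW_SESSION=)'[^']+'#\1'[REDACTED]'#g" \
    -e 's#(BW_SESSION=)[A-Za-z0-9+/=]+#\1[REDACTED]#g' \
    -e 's#(--session[ =]+)[A-Za-z0-9+/=]+#\1[REDACTED]#g'
}

# Hypothetical wrapper around the page's capture-pane call. -J joins wrapped
# lines, so a key split across terminal rows is still matched as one token.
# usage: capture_pane_redacted SOCKET TARGET [LINES]
capture_pane_redacted() {
  tmux -S "$1" capture-pane -p -J -t "$2" -S "-${3:-200}" | redact_bw_session
}

# Constructed sample pane text; SAMPLE_KEY is a made-up value, not a real key.
SAMPLE_KEY='Q29uc3RydWN0ZWQrc2FtcGxlL2tleQ=='
sample_pane() {
  printf '%s\n' \
    '$ bw unlock' \
    'Your vault is now unlocked!' \
    "\$ export BW_SESSION=\"$SAMPLE_KEY\"" \
    "> \$env:BW_SESSION=\"$SAMPLE_KEY\"" \
    "\$ bw list items --session $SAMPLE_KEY" \
    '$ export BW_SESSION=$(bw unlock --raw)'
}

# Demo: print the sample as it would be safe to log.
sample_pane | redact_bw_session
```

The filter only covers session keys; output of bw get password or bw get totp in the pane is not recognisable by pattern and should not be captured at all.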
Testing with Vaultwarden
This skill includes a Docker Compose setup for local testing with Vaultwarden (a self-hosted Bitwarden-compatible server).
Quick Start
# Install mkcert and generate local certs (one-time)
brew install mkcert
mkcert -install
cd /path/to/openclaw-bitwarden
mkdir -p certs && cd certs
mkcert localhost 127.0.0.1 ::1
cd ..
# Start Vaultwarden + Caddy
docker compose up -d
# Configure bw CLI to use local server
bw config server
# Create a test account via web UI at
# Or run the setup script:
./scripts/setup-test-account.sh
# Test the skill workflow
./scripts/test-skill-workflow.sh
Test Credentials
- Server URL:
- Admin Panel: (token: test-admin-token-12345)
- Suggested test account: test@example.com / TestPassword123!
Node.js CA Trust
The bw CLI requires the mkcert CA to be trusted. Export before running bw commands:
export NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem"
Or add to your shell profile for persistence.
Cleanup
docker compose down -v # Remove container and data