skills/malue-ai/dazee-small/bitwarden/Gen Agent Trust Hub

bitwarden

Fail

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill is designed to retrieve and display plain-text passwords from a Bitwarden vault. It uses bw unlock --raw to obtain a session key and bw list items to fetch credentials. The provided Python script explicitly prints the 'password' field to the standard output, which exposes sensitive credentials within the agent's environment and chat history.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution to interact with the Bitwarden CLI (bw). It uses environment variables (BW_SESSION) to store session keys and pipes data into an inline Python script for processing. This pattern of handling sensitive vault data through shell commands and pipes can lead to data leakage in process lists or command history.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the Bitwarden CLI using official package managers like Homebrew, Winget, and npm (@bitwarden/cli). While these are trusted sources for the intended functionality, it involves downloading and installing external binary tools to the local system.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 28, 2026, 02:07 AM