{ "schemaVersion": "1.0", "item": { "slug": "rbw", "name": "Securely interact with Bitwarden/Vaultwarden vaults using rbw CLI. Use when retrieving credentials, managing vault items, or integrating secrets into scripts/systemd services. Handles authentication, field access, and non-interactive operation patterns.", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/TriplEight/rbw", "canonicalUrl": "https://clawhub.ai/TriplEight/rbw", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/rbw", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=rbw", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T17:22:31.273Z", "expiresAt": "2026-05-14T17:22:31.273Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/rbw" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/rbw", "agentPageUrl": "https://openagent3.xyz/skills/rbw/agent", "manifestUrl": "https://openagent3.xyz/skills/rbw/agent.json", "briefUrl": "https://openagent3.xyz/skills/rbw/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Quick Reference", "body": "rbw unlock # unlock vault\nrbw list # list all items\nrbw list --fields \"name,folder\" # list with folders\nrbw get item_name # get password\nrbw get --folder folder_name item_name # get from folder\nrbw get --folder folder_name item_name --field url # get specific field\nrbw sync # sync vault" }, { "title": "get", "body": "rbw get [OPTIONS] [USER]\n\nOptions:\n --folder Folder to search in\n --field Specific field to retrieve (omit for password)\n --full Include notes in output\n --raw Output as JSON\n --clipboard Copy result to clipboard\n\n is a positional argument. [USER] disambiguates when multiple items share the same name. All option flags (--folder, --field, etc.) must precede the positional arguments.\n\nrbw get --folder homelab portainer\nrbw get --folder homelab portainer --field url\nrbw get my_password\nrbw get --folder work email user@example.com # USER disambiguation" }, { "title": "list", "body": "rbw list [OPTIONS]\n\nOptions:\n --fields Fields to display: id, name, user, folder, type\n --raw Output as JSON\n\nNote: rbw list does not support --folder filtering. Use rbw list --fields \"name,folder\" and grep if needed.\n\nrbw list --fields \"name,folder\"\nrbw list --raw | jq" }, { "title": "add", "body": "rbw add [OPTIONS] [USER]\n\nOptions:\n --folder Folder for the new entry\n --uri URI for the entry\n\nrbw will prompt for the password inline. Notes (if any) open in $EDITOR.\n\nrbw add --folder homelab my_service admin_user\nrbw add --folder homelab --uri https://example.com my_service" }, { "title": "Field Names", "body": "Field names are case-sensitive and must match exactly as defined in Vaultwarden.\n\nrbw get --folder homelab item # password (no --field)\nrbw get --folder homelab item --field Username # default Username field (capital U)\nrbw get --folder homelab item --field database # custom field\nrbw get --folder homelab item --field api_key # custom field\n\nTo inspect all fields on an item:\n\nrbw get --folder homelab item --raw | jq" }, { "title": "Interactive", "body": "# Check status (exits 0 if unlocked, non-zero if locked)\nrbw unlocked\n\n# Unlock (prompts for master password)\nrbw unlock" }, { "title": "Non-Interactive (Systemd/Scripts)", "body": "Security note: This pattern stores your master password in a plaintext file. Even with 600 permissions and root:root ownership, this is a security tradeoff. For higher-security environments, consider systemd's native LoadCredential= mechanism instead.\n\n1. Create a pinentry wrapper (~/.local/bin/pinentry-rbw-systemd):\n\n#!/usr/bin/env bash\nif [ -n \"$RBW_MASTER_PASSWORD\" ]; then\n echo \"OK Pleased to meet you\"\n while IFS= read -r line; do\n case \"$line\" in\n GETPIN)\n echo \"D $RBW_MASTER_PASSWORD\"\n echo \"OK\"\n ;;\n BYE)\n echo \"OK closing connection\"\n exit 0\n ;;\n *)\n echo \"OK\"\n ;;\n esac\n done\nelse\n exec /usr/bin/pinentry-curses \"$@\"\nfi\n\n2. Configure rbw to use it:\n\nchmod +x ~/.local/bin/pinentry-rbw-systemd\nrbw config set pinentry ~/.local/bin/pinentry-rbw-systemd\nrbw config show # verify\n\n3. Store master password (/etc/systemd/rbw-credentials.conf, root:root, chmod 600):\n\nRBW_MASTER_PASSWORD=your_master_password_here\n\n4. Systemd service:\n\n[Service]\nUser=tripleight\nEnvironmentFile=/etc/systemd/rbw-credentials.conf\nExecStart=/path/to/script.sh\n\n5. Script pattern:\n\n#!/usr/bin/env bash\nset -euo pipefail\n\nif ! rbw unlocked 2>/dev/null; then\n rbw unlock || { echo \"ERROR: Failed to unlock rbw\" >&2; exit 1; }\nfi\n\nrbw sync\n\nUSERNAME=$(rbw get --folder homelab service_name --field Username 2>/dev/null \\\n || { echo \"ERROR: Cannot read username (homelab/service_name)\" >&2; exit 1; })\nPASSWORD=$(rbw get --folder homelab service_name 2>/dev/null \\\n || { echo \"ERROR: Cannot read password (homelab/service_name)\" >&2; exit 1; })\n\ncurl -u \"$USERNAME:$PASSWORD\" https://api.example.com" }, { "title": "Vaultwarden Item Setup", "body": "A typical item used with rbw:\n\nFolder: homelab\nName: postgres_backup\nType: Login\nUsername: postgres ← accessed with --field Username\nPassword: ********** ← accessed without --field\n\nCustom fields:\n database production ← accessed with --field database\n host db.example.com\n port 5432\n\nCorresponding script access:\n\nUSERNAME=$(rbw get --folder homelab postgres_backup --field Username)\nPASSWORD=$(rbw get --folder homelab postgres_backup)\nDATABASE=$(rbw get --folder homelab postgres_backup --field database)\nHOST=$(rbw get --folder homelab postgres_backup --field host)\nPORT=$(rbw get --folder homelab postgres_backup --field port)" }, { "title": "Error Handling", "body": "Always check exit codes and provide actionable error messages:\n\nVALUE=$(rbw get --folder homelab item --field field 2>/dev/null \\\n || { echo \"ERROR: Cannot read 'field' from vault (homelab/item)\" >&2; exit 1; })\n\nif [ -z \"$VALUE\" ]; then\n echo \"ERROR: Field is empty in vault\" >&2\n exit 1\nfi" }, { "title": "Troubleshooting", "body": "\"agent is locked\" — run rbw unlock.\n\n\"field not found\" — field names are case-sensitive. Inspect the item with rbw get item --raw | jq to see exact names. Then run rbw sync to ensure the vault is current.\n\nSystemd service fails to unlock:\n\nVerify /etc/systemd/rbw-credentials.conf exists with the correct password\nCheck permissions: sudo ls -l /etc/systemd/rbw-credentials.conf (expect root:root 600)\nVerify pinentry config: rbw config show\nTest manually: sudo -u tripleight bash -c 'export RBW_MASTER_PASSWORD=...; rbw unlock'\n\nItem not found — check folder and item names with rbw list --fields \"name,folder\", then rbw sync." }, { "title": "Best Practices", "body": "Always sync before reading to ensure the latest vault state. Always check unlock status before attempting reads to avoid unnecessary prompts. Handle errors explicitly with useful messages. Never hardcode secrets — use rbw for everything. Keep systemd credential files 600 root:root. Use folders to organise items across environments (production, staging, homelab, etc.)." } ], "body": "Quick Reference\nrbw unlock # unlock vault\nrbw list # list all items\nrbw list --fields \"name,folder\" # list with folders\nrbw get item_name # get password\nrbw get --folder folder_name item_name # get from folder\nrbw get --folder folder_name item_name --field url # get specific field\nrbw sync # sync vault\n\nCommand Syntax\nget\nrbw get [OPTIONS] [USER]\n\nOptions:\n --folder Folder to search in\n --field Specific field to retrieve (omit for password)\n --full Include notes in output\n --raw Output as JSON\n --clipboard Copy result to clipboard\n\n\n is a positional argument. [USER] disambiguates when multiple items share the same name. All option flags (--folder, --field, etc.) must precede the positional arguments.\n\nrbw get --folder homelab portainer\nrbw get --folder homelab portainer --field url\nrbw get my_password\nrbw get --folder work email user@example.com # USER disambiguation\n\nlist\nrbw list [OPTIONS]\n\nOptions:\n --fields Fields to display: id, name, user, folder, type\n --raw Output as JSON\n\n\nNote: rbw list does not support --folder filtering. Use rbw list --fields \"name,folder\" and grep if needed.\n\nrbw list --fields \"name,folder\"\nrbw list --raw | jq\n\nadd\nrbw add [OPTIONS] [USER]\n\nOptions:\n --folder Folder for the new entry\n --uri URI for the entry\n\n\nrbw will prompt for the password inline. Notes (if any) open in $EDITOR.\n\nrbw add --folder homelab my_service admin_user\nrbw add --folder homelab --uri https://example.com my_service\n\nField Names\n\nField names are case-sensitive and must match exactly as defined in Vaultwarden.\n\nrbw get --folder homelab item # password (no --field)\nrbw get --folder homelab item --field Username # default Username field (capital U)\nrbw get --folder homelab item --field database # custom field\nrbw get --folder homelab item --field api_key # custom field\n\n\nTo inspect all fields on an item:\n\nrbw get --folder homelab item --raw | jq\n\nAuthentication\nInteractive\n# Check status (exits 0 if unlocked, non-zero if locked)\nrbw unlocked\n\n# Unlock (prompts for master password)\nrbw unlock\n\nNon-Interactive (Systemd/Scripts)\n\nSecurity note: This pattern stores your master password in a plaintext file. Even with 600 permissions and root:root ownership, this is a security tradeoff. For higher-security environments, consider systemd's native LoadCredential= mechanism instead.\n\n1. Create a pinentry wrapper (~/.local/bin/pinentry-rbw-systemd):\n\n#!/usr/bin/env bash\nif [ -n \"$RBW_MASTER_PASSWORD\" ]; then\n echo \"OK Pleased to meet you\"\n while IFS= read -r line; do\n case \"$line\" in\n GETPIN)\n echo \"D $RBW_MASTER_PASSWORD\"\n echo \"OK\"\n ;;\n BYE)\n echo \"OK closing connection\"\n exit 0\n ;;\n *)\n echo \"OK\"\n ;;\n esac\n done\nelse\n exec /usr/bin/pinentry-curses \"$@\"\nfi\n\n\n2. Configure rbw to use it:\n\nchmod +x ~/.local/bin/pinentry-rbw-systemd\nrbw config set pinentry ~/.local/bin/pinentry-rbw-systemd\nrbw config show # verify\n\n\n3. Store master password (/etc/systemd/rbw-credentials.conf, root:root, chmod 600):\n\nRBW_MASTER_PASSWORD=your_master_password_here\n\n\n4. Systemd service:\n\n[Service]\nUser=tripleight\nEnvironmentFile=/etc/systemd/rbw-credentials.conf\nExecStart=/path/to/script.sh\n\n\n5. Script pattern:\n\n#!/usr/bin/env bash\nset -euo pipefail\n\nif ! rbw unlocked 2>/dev/null; then\n rbw unlock || { echo \"ERROR: Failed to unlock rbw\" >&2; exit 1; }\nfi\n\nrbw sync\n\nUSERNAME=$(rbw get --folder homelab service_name --field Username 2>/dev/null \\\n || { echo \"ERROR: Cannot read username (homelab/service_name)\" >&2; exit 1; })\nPASSWORD=$(rbw get --folder homelab service_name 2>/dev/null \\\n || { echo \"ERROR: Cannot read password (homelab/service_name)\" >&2; exit 1; })\n\ncurl -u \"$USERNAME:$PASSWORD\" https://api.example.com\n\nVaultwarden Item Setup\n\nA typical item used with rbw:\n\nFolder: homelab\nName: postgres_backup\nType: Login\nUsername: postgres ← accessed with --field Username\nPassword: ********** ← accessed without --field\n\nCustom fields:\n database production ← accessed with --field database\n host db.example.com\n port 5432\n\n\nCorresponding script access:\n\nUSERNAME=$(rbw get --folder homelab postgres_backup --field Username)\nPASSWORD=$(rbw get --folder homelab postgres_backup)\nDATABASE=$(rbw get --folder homelab postgres_backup --field database)\nHOST=$(rbw get --folder homelab postgres_backup --field host)\nPORT=$(rbw get --folder homelab postgres_backup --field port)\n\nError Handling\n\nAlways check exit codes and provide actionable error messages:\n\nVALUE=$(rbw get --folder homelab item --field field 2>/dev/null \\\n || { echo \"ERROR: Cannot read 'field' from vault (homelab/item)\" >&2; exit 1; })\n\nif [ -z \"$VALUE\" ]; then\n echo \"ERROR: Field is empty in vault\" >&2\n exit 1\nfi\n\nTroubleshooting\n\n\"agent is locked\" — run rbw unlock.\n\n\"field not found\" — field names are case-sensitive. Inspect the item with rbw get item --raw | jq to see exact names. Then run rbw sync to ensure the vault is current.\n\nSystemd service fails to unlock:\n\nVerify /etc/systemd/rbw-credentials.conf exists with the correct password\nCheck permissions: sudo ls -l /etc/systemd/rbw-credentials.conf (expect root:root 600)\nVerify pinentry config: rbw config show\nTest manually: sudo -u tripleight bash -c 'export RBW_MASTER_PASSWORD=...; rbw unlock'\n\nItem not found — check folder and item names with rbw list --fields \"name,folder\", then rbw sync.\n\nBest Practices\n\nAlways sync before reading to ensure the latest vault state. Always check unlock status before attempting reads to avoid unnecessary prompts. Handle errors explicitly with useful messages. Never hardcode secrets — use rbw for everything. Keep systemd credential files 600 root:root. Use folders to organise items across environments (production, staging, homelab, etc.)." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/TriplEight/rbw", "publisherUrl": "https://clawhub.ai/TriplEight/rbw", "owner": "TriplEight", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/rbw", "downloadUrl": "https://openagent3.xyz/downloads/rbw", "agentUrl": "https://openagent3.xyz/skills/rbw/agent", "manifestUrl": "https://openagent3.xyz/skills/rbw/agent.json", "briefUrl": "https://openagent3.xyz/skills/rbw/agent.md" } }