# Send Securely interact with Bitwarden/Vaultwarden vaults using rbw CLI. Use when retrieving credentials, managing vault items, or integrating secrets into scripts/systemd services. Handles authentication, field access, and non-interactive operation patterns. to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "rbw", "name": "Securely interact with Bitwarden/Vaultwarden vaults using rbw CLI. Use when retrieving credentials, managing vault items, or integrating secrets into scripts/systemd services. Handles authentication, field access, and non-interactive operation patterns.", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/TriplEight/rbw", "canonicalUrl": "https://clawhub.ai/TriplEight/rbw", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/rbw", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=rbw", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "SKILL.md" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "slug": "rbw", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-08T14:57:05.960Z", "expiresAt": "2026-05-15T14:57:05.960Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=rbw", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=rbw", "contentDisposition": "attachment; filename=\"rbw-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "rbw" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/rbw" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/rbw", "downloadUrl": "https://openagent3.xyz/downloads/rbw", "agentUrl": "https://openagent3.xyz/skills/rbw/agent", "manifestUrl": "https://openagent3.xyz/skills/rbw/agent.json", "briefUrl": "https://openagent3.xyz/skills/rbw/agent.md" } } ``` ## Documentation ### Quick Reference rbw unlock # unlock vault rbw list # list all items rbw list --fields "name,folder" # list with folders rbw get item_name # get password rbw get --folder folder_name item_name # get from folder rbw get --folder folder_name item_name --field url # get specific field rbw sync # sync vault ### get rbw get [OPTIONS] [USER] Options: --folder Folder to search in --field Specific field to retrieve (omit for password) --full Include notes in output --raw Output as JSON --clipboard Copy result to clipboard is a positional argument. [USER] disambiguates when multiple items share the same name. All option flags (--folder, --field, etc.) must precede the positional arguments. rbw get --folder homelab portainer rbw get --folder homelab portainer --field url rbw get my_password rbw get --folder work email user@example.com # USER disambiguation ### list rbw list [OPTIONS] Options: --fields Fields to display: id, name, user, folder, type --raw Output as JSON Note: rbw list does not support --folder filtering. Use rbw list --fields "name,folder" and grep if needed. rbw list --fields "name,folder" rbw list --raw | jq ### add rbw add [OPTIONS] [USER] Options: --folder Folder for the new entry --uri URI for the entry rbw will prompt for the password inline. Notes (if any) open in $EDITOR. rbw add --folder homelab my_service admin_user rbw add --folder homelab --uri https://example.com my_service ### Field Names Field names are case-sensitive and must match exactly as defined in Vaultwarden. rbw get --folder homelab item # password (no --field) rbw get --folder homelab item --field Username # default Username field (capital U) rbw get --folder homelab item --field database # custom field rbw get --folder homelab item --field api_key # custom field To inspect all fields on an item: rbw get --folder homelab item --raw | jq ### Interactive # Check status (exits 0 if unlocked, non-zero if locked) rbw unlocked # Unlock (prompts for master password) rbw unlock ### Non-Interactive (Systemd/Scripts) Security note: This pattern stores your master password in a plaintext file. Even with 600 permissions and root:root ownership, this is a security tradeoff. For higher-security environments, consider systemd's native LoadCredential= mechanism instead. 1. Create a pinentry wrapper (~/.local/bin/pinentry-rbw-systemd): #!/usr/bin/env bash if [ -n "$RBW_MASTER_PASSWORD" ]; then echo "OK Pleased to meet you" while IFS= read -r line; do case "$line" in GETPIN) echo "D $RBW_MASTER_PASSWORD" echo "OK" ;; BYE) echo "OK closing connection" exit 0 ;; *) echo "OK" ;; esac done else exec /usr/bin/pinentry-curses "$@" fi 2. Configure rbw to use it: chmod +x ~/.local/bin/pinentry-rbw-systemd rbw config set pinentry ~/.local/bin/pinentry-rbw-systemd rbw config show # verify 3. Store master password (/etc/systemd/rbw-credentials.conf, root:root, chmod 600): RBW_MASTER_PASSWORD=your_master_password_here 4. Systemd service: [Service] User=tripleight EnvironmentFile=/etc/systemd/rbw-credentials.conf ExecStart=/path/to/script.sh 5. Script pattern: #!/usr/bin/env bash set -euo pipefail if ! rbw unlocked 2>/dev/null; then rbw unlock || { echo "ERROR: Failed to unlock rbw" >&2; exit 1; } fi rbw sync USERNAME=$(rbw get --folder homelab service_name --field Username 2>/dev/null \\ || { echo "ERROR: Cannot read username (homelab/service_name)" >&2; exit 1; }) PASSWORD=$(rbw get --folder homelab service_name 2>/dev/null \\ || { echo "ERROR: Cannot read password (homelab/service_name)" >&2; exit 1; }) curl -u "$USERNAME:$PASSWORD" https://api.example.com ### Vaultwarden Item Setup A typical item used with rbw: Folder: homelab Name: postgres_backup Type: Login Username: postgres ← accessed with --field Username Password: ********** ← accessed without --field Custom fields: database production ← accessed with --field database host db.example.com port 5432 Corresponding script access: USERNAME=$(rbw get --folder homelab postgres_backup --field Username) PASSWORD=$(rbw get --folder homelab postgres_backup) DATABASE=$(rbw get --folder homelab postgres_backup --field database) HOST=$(rbw get --folder homelab postgres_backup --field host) PORT=$(rbw get --folder homelab postgres_backup --field port) ### Error Handling Always check exit codes and provide actionable error messages: VALUE=$(rbw get --folder homelab item --field field 2>/dev/null \\ || { echo "ERROR: Cannot read 'field' from vault (homelab/item)" >&2; exit 1; }) if [ -z "$VALUE" ]; then echo "ERROR: Field is empty in vault" >&2 exit 1 fi ### Troubleshooting "agent is locked" — run rbw unlock. "field not found" — field names are case-sensitive. Inspect the item with rbw get item --raw | jq to see exact names. Then run rbw sync to ensure the vault is current. Systemd service fails to unlock: Verify /etc/systemd/rbw-credentials.conf exists with the correct password Check permissions: sudo ls -l /etc/systemd/rbw-credentials.conf (expect root:root 600) Verify pinentry config: rbw config show Test manually: sudo -u tripleight bash -c 'export RBW_MASTER_PASSWORD=...; rbw unlock' Item not found — check folder and item names with rbw list --fields "name,folder", then rbw sync. ### Best Practices Always sync before reading to ensure the latest vault state. Always check unlock status before attempting reads to avoid unnecessary prompts. Handle errors explicitly with useful messages. Never hardcode secrets — use rbw for everything. Keep systemd credential files 600 root:root. Use folders to organise items across environments (production, staging, homelab, etc.). ## Trust - Source: tencent - Verification: Indexed source record - Publisher: TriplEight - Version: 1.0.0 ## Source health - Status: healthy - Item download looks usable. - Yavira can redirect you to the upstream package for this item. - Health scope: item - Reason: direct_download_ok - Checked at: 2026-05-08T14:57:05.960Z - Expires at: 2026-05-15T14:57:05.960Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/rbw) - [Send to Agent page](https://openagent3.xyz/skills/rbw/agent) - [JSON manifest](https://openagent3.xyz/skills/rbw/agent.json) - [Markdown brief](https://openagent3.xyz/skills/rbw/agent.md) - [Download page](https://openagent3.xyz/downloads/rbw)