Ejecuta cualquier Skill en Manus
con un clic

Ejecuta cualquier Skill en Manus con un clic

bitwarden

Estrellas0

Forks0

Actualizado23 de mayo de 2026, 06:59

Use whenever the user mentions Bitwarden — vault items, logins, passwords, secure notes, cards, identities, folders, collections, attachments, Sends, organizations (members, groups, policies, collections, events, subscription, device approvals), password/passphrase generation, vault sync/lock/unlock, BW_SESSION handling, the Bitwarden CLI (`bw`), or the Bitwarden MCP server. Prefer the MCP tools (`mcp__bitwarden__*`) over shelling out to `bw`; only fall back to the CLI for session lifecycle (unlock/lock/status) and operations the MCP server does not expose.

Instalación

Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.

Ejecutar en Manus

Fuente

jmagar

jmagar/.agents

Abrir repositorio de GitHub Ver repositorios del creador

Descarga

Ejecutar en Manus

Ocupaciones relacionadasSOC

Basado en la clasificación ocupacional SOC

Desarrolladores de softwareOcupaciones informáticas y matemáticas·SOC 15-1252

Explorador de archivos

7 archivos

SKILL.md

readonly

Más de este repositorio

mismo repositorio

android-app-testing

jmagar/.agents

Use when the user wants to live-test an Android APK end-to-end on an emulator/device and get a works/doesn't-work + UI/UX report — driving the real app, not writing test code. Triggers: "test my Android app", "QA this APK", "run the app on the emulator and tell me what breaks", "click through every screen", "review the app's UX", "does my APK work", "test the built APK". Installs/launches the APK, enumerates screens from the accessibility tree, exercises each feature via adb (tap/type/swipe/launch), watches logcat for crashes/ANRs, captures screenshots + UI dumps, and emits a structured report. Primary path is direct local adb; optional richer path via claude-in-mobile. Sibling of web-app-testing and desktop-app-testing (shared report format). Does NOT fire for: building/coding an Android app (use claude-android-ninja / jetpack-compose-expert), iOS, or unit tests.

2026-05-300

desktop-app-testing

jmagar/.agents

Use when the user wants to live-test a built Windows desktop application (.exe) end-to-end inside the agent-os Windows 11 VM and get a works/doesn't-work + UI/UX report — launching the real binary and driving it, not writing test code. Triggers: "test my Windows app", "QA this .exe", "run my desktop build on agent-os and tell me what breaks", "click through the app", "review the desktop app's UX", "does my exe work", "test the built binary in the Windows VM". Gets the .exe into the VM, launches it, enumerates controls from the UI Automation tree, drives every feature (click/type by element), watches for crashes/hangs/error dialogs, captures screenshots + control-tree dumps, and emits a structured report. Drives the agent-os VM via the Windows-MCP gateway. Sibling of web-app-testing and android-app-testing (shared report format). Does NOT fire for: building/coding a desktop app, the user's personal Windows on steamy (use nircmd), or general agent-os VM driving (use agent-os).

2026-05-300

web-app-testing

jmagar/.agents

Use when the user wants to live-test a WEB app/site end-to-end in a real browser and get a works/doesn't-work + UI/UX report — not just write Playwright code. Triggers: "test my web app", "QA this site", "run E2E on the web app", "click through every feature and tell me what breaks", "review the UX of this web app", "does my web app work", "test the deployed site". Drives a real Chrome via Playwright over CDP (default http://127.0.0.1:9222), enumerates features from the DOM/ARIA tree, exercises each, captures screenshots + console/page/network errors, and emits a structured report. Sibling of android-app-testing and desktop-app-testing (shared report format). Does NOT fire for: writing a one-off Playwright script (use webwright), pure web design/build with no testing, or backend/API-only testing.

2026-05-300

broadcastr

jmagar/.agents

Read or interact with the broadcastr activity feed across concurrent Claude sessions. Use when the user says "what are other agents doing", "show recent activity", "mute plan-exec notifications", "what's on the bus", "broadcastr status", "tail broadcastr", "emit a manual broadcastr event", or asks why a notification appeared. Also use to disable broadcastr in the current session (BROADCASTR_DISABLED=1) or check the global feed. Does NOT fire on generic "show me activity" or "what's happening" unless broadcastr is explicitly named.

2026-05-270

work-it

jmagar/.agents

Use when the user asks to "work it", execute a superpowers executing-plans document in a worktree, create a PR as soon as the implemented plan is green, or run a complete review-and-fix loop over all touched files.

2026-05-260

yt-dlp

jmagar/.agents

Use when the user asks to download, archive, search, inspect, or organize media with yt-dlp, MeTube, YouTube, playlists, channels, supported video sites, audio extraction, metadata, thumbnails, subtitles, Plex yt-dlp libraries, or NAS media downloads.

2026-05-260

name

bitwarden

description

Bitwarden

This skill covers two surfaces:

mcp__bitwarden__* tools — the primary interface for vault, Send, and organization operations. Prefer these.
bw CLI — used by the bundled session wrapper for unlock/lock/status, and as a fallback for anything the MCP server does not expose (e.g. bw export, bw import, bw receive, bw serve, bw config).

Scope: this skill covers Bitwarden Password Manager (bw and @bitwarden/mcp-server). It does not cover Bitwarden Secrets Manager (bws, machine accounts, projects). If the user asks about bws or machine-account secrets, say so and stop.

Never store BW_SESSION in .mcp.json, .env, shell history, or committed files. The runtime token lives in a single XDG runtime path managed by the session wrapper.

Session lifecycle

The Bitwarden MCP server requires an unlocked CLI session. Manage it with:

SKILL_DIR=/home/jmagar/.agents/src/skills/bitwarden
"$SKILL_DIR/scripts/session" unlock   # prompt for master password, write runtime token
"$SKILL_DIR/scripts/session" ensure   # prompt only when token is missing or stale
"$SKILL_DIR/scripts/session" status   # verify the saved token is still valid
"$SKILL_DIR/scripts/session" lock     # invalidate token and remove runtime file
"$SKILL_DIR/scripts/session" path     # print the runtime token path

Token path: ${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/bitwarden-mcp/session.

If the MCP server fails to connect or any tool returns an auth error, run scripts/session status first; if that fails, run scripts/session ensure and retry.

Install managed launch wrappers for claude, codex, and gemini with:

/home/jmagar/.agents/src/skills/bitwarden/scripts/install-shell-wrappers

Use --rc PATH for custom shell files, such as Oh My Zsh custom alias files.

MCP entrypoint

Configure Claude Code to launch:

/home/jmagar/.agents/src/skills/bitwarden/bin/bitwarden-mcp

The wrapper reads the runtime session file, validates it with bw unlock --check, and starts the pinned @bitwarden/mcp-server package.

Choosing a tool

Use this decision order:

An mcp__bitwarden__* tool exists for the operation → use it. The MCP server already passes the unlocked session and returns structured JSON.
The operation is session lifecycle (unlock/lock/status/path) → use scripts/session.
The operation is not exposed by the MCP server (e.g. bw export, bw import, bw receive, bw serve, bw config server, bw completion, bw update, bw sdk-version) → call bw directly. The MCP wrapper exports BW_SESSION only into its own child process; it does not leak into your shell. To run bw directly, either install the launch wrappers (scripts/install-shell-wrappers) or export the session manually:
```
export BW_SESSION="$(<"$(/home/jmagar/.agents/src/skills/bitwarden/scripts/session path)")"
```

When in doubt, check mcp__bitwarden__* tool names first — the catalog below is exhaustive for the operations the server supports.

MCP tool catalog

Tool names are mcp__bitwarden__<name>. Group by area:

Vault items

list — items, folders, collections, organizations, org-collections, org-members (filter by search, folderid, collectionid, url, trash, organizationid)
get — item, username, password, uri, totp, notes, exposed, attachment, folder, collection, organization, org-collection, fingerprint (use id: "me" for your own fingerprint)
create_item — type 1 login, 2 secure note, 3 card, 4 identity (provide the matching sub-object)
edit_item, edit_item_collections
delete — item | attachment | folder | org-collection; pass permanent: true to skip trash
restore — restore an item from trash
move — share an item to an organization (formerly share)

Folders

create_folder, edit_folder

Attachments

create_attachment (use delete with object: "attachment" to remove)

Sends

create_text_send, create_file_send
list_send, get_send, edit_send, delete_send, remove_send_password

Generation

generate — password or passphrase; flags include length, uppercase, lowercase, number, special, passphrase, words, separator, capitalize

Vault state

status — server, sync, account, vault status
sync — pull latest vault data
lock — lock the vault. The saved runtime token is invalidated server-side, so subsequent MCP calls fail until you re-unlock. Use scripts/session lock to also remove the runtime file, or scripts/session ensure to re-unlock.

Organizations — collections

list_org_collections, get_org_collection, create_org_collection, edit_org_collection, update_org_collection, delete_org_collection

Organizations — groups

list_org_groups, get_org_group, get_org_group_members, create_org_group, update_org_group, update_org_group_members, delete_org_group

Organizations — members

list_org_members, get_org_member, get_org_member_groups, invite_org_member, update_org_member, update_org_member_groups, confirm, reinvite_org_member, revoke_org_member, restore_org_member, remove_org_member

Organizations — policies, events, subscription

list_org_policies, get_org_policy, update_org_policy
get_org_events (requires start and end ISO 8601 timestamps)
get_org_subscription, update_org_subscription

Organizations — device approval (SSO trusted devices)

device_approval_list, device_approval_approve, device_approval_approve_all, device_approval_deny, device_approval_deny_all

Organizations — bulk import

import_org_users_and_groups — set overwriteExisting and (for >2000 entries) largeImport: true

`bw` CLI surface (fallback only)

The CLI exposes the following top-level commands. Use them only when the MCP catalog above does not cover the need:

sdk-version  login  logout  lock  unlock  sync  generate  encode
config  update  completion  status  list  get  create  edit  delete
restore  move  confirm  import  export  share (deprecated)  send
receive  device-approval  serve  help

Common fallback cases:

bw export [--format json|csv|encrypted_json] [--output PATH] — backup the vault.
bw import <format> <input> — restore from a vault export.
bw receive <url> [--password PWD] [--output PATH] — fetch a Bitwarden Send.
bw serve --port N — local REST API for tooling that cannot speak MCP.
bw config server <url> — point the CLI at a self-hosted Bitwarden instance.
bw encode — base64-encode JSON for create/edit when scripting against the CLI.

For everything else (list, get, create, edit, delete, move, confirm, generate, status, sync, lock, send, and the device_approval_* tools), prefer the MCP tool of the same name.

Secret-handling rules

Never echo, log, or paste a password, passphrase, TOTP seed, attachment payload, recovery code, master password, or BW_SESSION value into chat unless the user explicitly asks for that exact field. Never accept a master password pasted into chat — always prompt via the CLI (scripts/session unlock).
When listing or summarising items, return names, IDs, URIs, usernames, folders, collections, and timestamps — redact password, totp, notes (when marked sensitive), card numbers, CVVs, and identity SSNs.
For generate, return the generated value once and do not also store it; if the user wants it saved, follow up with create_item and discard the local copy.
Treat anything returned from get item as sensitive by default; surface only the field the user asked for.
Sends: a Send URL contains an access key in its # fragment — treat the full URL as a secret. Do not paste full Send URLs, Send passwords, or remove_send_password results into chat unless asked.
Attachments: file contents and filenames that imply sensitive material (recovery-codes.txt, private-key.pem, etc.) are themselves a leak — describe rather than display.
get_org_events: audit-log responses include IPs, device IDs, and member emails. Summarise counts and event types by default; surface raw rows only on request.
bw export: default to --format encrypted_json. The json and csv formats produce a plaintext vault — never pipe them to chat, and warn the user before writing them to disk.

Companion commands

The plugin ships interactive commands in commands/ that wrap the most common safe workflows:

/bw-list — list non-secret Bitwarden objects.
/bw-get — retrieve an object or specific field, redacting secrets unless explicitly requested.
/bw-generate — generate a password or passphrase without storing it.

bitwarden

Más de este repositorio

Más de este repositorio

Bitwarden

Session lifecycle

MCP entrypoint

Choosing a tool

MCP tool catalog

bw CLI surface (fallback only)

Secret-handling rules

Companion commands

Bitwarden

Session lifecycle

MCP entrypoint

Choosing a tool

MCP tool catalog

bw CLI surface (fallback only)

Secret-handling rules

Companion commands

`bw` CLI surface (fallback only)

`bw` CLI surface (fallback only)