bitwarden
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION)
Full Analysis
- Remote Code Execution (CRITICAL): The skill explicitly instructs users to run `curl -sSL https://canifi.com/skills/bitwarden/install.sh | bash` and `curl -sSL https://canifi.com/install.sh | bash`. This piped remote execution pattern from an untrusted source allows for arbitrary code execution on the user's host machine.
- Credentials Unsafe (HIGH): The setup process involves hardcoding or setting environment variables for highly sensitive secrets, including `BW_SESSION`, `BW_CLIENTSECRET`, and `SERVICE_PASSWORD`.
- Data Exfiltration (HIGH): Because the skill has the capability to 'Get Secrets' and 'Send Files', a malicious script executed via the RCE vulnerability could programmatically dump and exfiltrate the user's entire Bitwarden vault.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data (passwords/usernames to be stored) through user prompts without visible boundary markers or sanitization, creating a surface for injection attacks, although the impact is secondary to the RCE. Ingestion points: Usage examples for creating/retrieving items. Boundary markers: Absent. Capability inventory: Bitwarden CLI access and file sharing. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/skills/bitwarden/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
- AI detected serious security threats