.claude/skills/secrets/SKILL.md
Manage secrets via Bitwarden - retrieve credentials, set up environment variables
Manage credentials securely via Bitwarden. This vault does NOT store credentials - all secrets are kept in Bitwarden and accessed on-demand.
By default, secrets are stored in a Bitwarden folder called "Obsidian Vault". You can customise this by setting BITWARDEN_FOLDER in your environment or updating the folder name in the commands below.
| Command | Description |
| --------------------- | ---------------------------------------------------- |
| /secrets status | Check Bitwarden CLI status and session |
| /secrets get <name> | Retrieve a secret by name from Bitwarden |
| /secrets list | List all secrets in your configured Bitwarden folder |
| /secrets env | Output export commands for all vault secrets |
| /secrets setup | Guide through initial Bitwarden CLI setup |
/secrets status

Check Bitwarden CLI installation and session status:

```bash
# Check if Bitwarden CLI is installed
if ! command -v bw &> /dev/null; then
  echo "Bitwarden CLI not installed"
  echo "  Install with: brew install bitwarden-cli"
  exit 1
fi
# Check login and lock status
STATUS=$(bw status)
echo "$STATUS" | jq -r '"Status: \(.status)"'
```
Report to user:
/secrets setup

/secrets get <name>

Ensure Bitwarden is unlocked:

```bash
BW_SESSION=$(bw unlock --raw 2>/dev/null)
if [ -z "$BW_SESSION" ]; then
  echo "Please unlock Bitwarden first: bw unlock"
  exit 1
fi
```

Retrieve the item:

```bash
ITEM=$(bw get item "$SECRET_NAME" --session "$BW_SESSION" 2>/dev/null)
if [ -z "$ITEM" ]; then
  echo "Secret '$SECRET_NAME' not found"
  exit 1
fi
```

Extract based on type:

```bash
TYPE=$(echo "$ITEM" | jq -r '.type')
if [ "$TYPE" = "2" ]; then
  # Secure Note - return notes field
  echo "$ITEM" | jq -r '.notes'
else
  # Login - offer username/password
  echo "Username: $(echo "$ITEM" | jq -r '.login.username')"
  echo "Password: [hidden - use --show-password to display]"
fi
```
CRITICAL: Never store retrieved secrets in files or conversation history. Display once and advise user to copy immediately.
/secrets list

```bash
# Set your Bitwarden folder name (customise as needed)
FOLDER_NAME="${BITWARDEN_FOLDER:-Obsidian Vault}"
BW_SESSION=$(bw unlock --raw)
FOLDER_ID=$(bw get folder "$FOLDER_NAME" --session "$BW_SESSION" | jq -r '.id')
bw list items --folderid "$FOLDER_ID" --session "$BW_SESSION" | jq -r '.[] | "\(.name) (\(if .type == 2 then "note" else "login" end))"'
```
Display as formatted table with Name and Type columns.
/secrets env

Generate environment variable export commands:

```bash
# Set your Bitwarden folder name (customise as needed)
FOLDER_NAME="${BITWARDEN_FOLDER:-Obsidian Vault}"
BW_SESSION=$(bw unlock --raw)
FOLDER_ID=$(bw get folder "$FOLDER_NAME" --session "$BW_SESSION" | jq -r '.id')
# Get all Secure Notes in the folder.
# Names are reduced to [A-Za-z0-9_]; values go through @sh, which single-quotes them
# so that eval cannot expand $(...), backticks or $VAR found inside a secret.
bw list items --folderid "$FOLDER_ID" --session "$BW_SESSION" | \
  jq -r '.[] | select(.type == 2) |
    "export " + (.name | gsub("[^A-Za-z0-9_]"; "_") | ascii_upcase) + "=" + ((.notes // "") | gsub("\n"; "\\n") | @sh)'
```

Output format:

```bash
# Bitwarden secrets for your vault
# Run: eval "$(/secrets env)" or copy/paste below
export ANTHROPIC_API_KEY='<your-key>' # pragma: allowlist secret
export OPENAI_API_KEY='<your-key>' # pragma: allowlist secret
export GITHUB_PAT='<your-token>' # pragma: allowlist secret
# These are session-only - not persisted to disk
```
/secrets setup

Guide the user through setup:

Check/Install CLI:

```bash
brew install bitwarden-cli
```

Login:

```bash
bw login
# Or for SSO: bw login --sso
```

Unlock vault:

```bash
export BW_SESSION=$(bw unlock --raw)
```

Verify access:

```bash
bw list folders --session "$BW_SESSION"
```

Create your vault folder (if it doesn't exist):

```bash
# Create a folder for your vault secrets
bw create folder '{"name":"Obsidian Vault"}' --session "$BW_SESSION"
```

Import secrets (if migrating from Atomic Notes):

```bash
# The CSV holds the secrets in plaintext; delete it once the import succeeds
bw import bitwardencsv bitwarden-import.csv
```

Add shell alias (optional):

```bash
echo 'alias bw-unlock="export BW_SESSION=\$(bw unlock --raw)"' >> ~/.zshrc
```
| Bitwarden Item Name | Environment Variable |
| ------------------- | ----------------------- |
| Anthropic API Key | ANTHROPIC_API_KEY |
| Open AI Key | OPENAI_API_KEY |
| GitHub PAT | GITHUB_PAT |
| AWS Access Key | AWS_ACCESS_KEY_ID |
| AWS Secret Key | AWS_SECRET_ACCESS_KEY |
| Notion Token | NOTION_TOKEN |
Custom mappings can be added to .claude/config.local.json:
```json
{
  "secrets": {
    "folderName": "My Custom Folder",
    "envMapping": {
      "My Custom Item": "CUSTOM_VAR"
    }
  }
}
```
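An added example, not part of the original skill: one way to apply the item-to-variable mapping and emit export lines that are safe to pass to `eval`. The sample items and config are constructed, and it assumes an `envMapping` entry takes precedence over the derived name, which the page does not specify.

```python
import json
import re
import shlex

# Constructed sample in the shape of `bw list items` output (only the fields the page uses).
SAMPLE_ITEMS = json.loads(r'''[
  {"type": 2, "name": "Anthropic API Key", "notes": "sk-constructed-123"},
  {"type": 2, "name": "My Custom Item", "notes": "a\"b $(id) `id` $HOME"},
  {"type": 1, "name": "Some Login", "notes": null},
  {"type": 2, "name": "bad;name", "notes": "line1\nline2"}
]''')

# Constructed config in the shape of .claude/config.local.json.
SAMPLE_CONFIG = {"secrets": {"envMapping": {"My Custom Item": "CUSTOM_VAR"}}}

VALID_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def env_name(item_name, mapping):
    """An explicit envMapping entry wins (assumed); otherwise derive the name as the page's jq does."""
    if item_name in mapping:
        return mapping[item_name]
    return item_name.replace(" ", "_").replace("-", "_").upper()


def export_lines(items, config):
    """Return (export lines, rejected item names) for Secure Notes only."""
    mapping = config.get("secrets", {}).get("envMapping", {})
    lines, rejected = [], []
    for item in items:
        if item.get("type") != 2:  # type 2 = Secure Note, as in /secrets env
            continue
        name = env_name(item["name"], mapping)
        if not VALID_NAME.fullmatch(name):
            rejected.append(item["name"])  # never interpolate an unsafe name into shell text
            continue
        value = (item.get("notes") or "").replace("\n", "\\n")  # one line per export
        # shlex.quote single-quotes the value, so eval treats $(...), backticks and $VAR as data
        lines.append(f"export {name}={shlex.quote(value)}")
    return lines, rejected


if __name__ == "__main__":
    lines, rejected = export_lines(SAMPLE_ITEMS, SAMPLE_CONFIG)
    print("\n".join(lines))
    for name in rejected:
        print(f"# skipped (not a valid variable name): {name}")
```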
Scripts should read from environment variables, not files:
Python:

```python
import os

api_key = os.environ.get('ANTHROPIC_API_KEY')
if not api_key:
    raise ValueError("ANTHROPIC_API_KEY not set. Run: /secrets env")
```

JavaScript/Node.js:

```javascript
const apiKey = process.env.ANTHROPIC_API_KEY;
if (!apiKey) {
  throw new Error("ANTHROPIC_API_KEY not set. Run: /secrets env");
}
```

Bash:

```bash
if [ -z "$ANTHROPIC_API_KEY" ]; then
  echo "ANTHROPIC_API_KEY not set. Run: /secrets env"
  exit 1
fi
```
```bash
# One-time setup
brew install bitwarden-cli
bw login
# Each session
export BW_SESSION=$(bw unlock --raw)
# Get a secret
bw get item "Anthropic API Key" --session "$BW_SESSION" | jq -r '.notes'
# List all vault secrets (update folder name as needed)
FOLDER_NAME="Obsidian Vault"
bw list items --folderid "$(bw get folder "$FOLDER_NAME" --session "$BW_SESSION" | jq -r '.id')" --session "$BW_SESSION" | jq -r '.[].name'
```
scripts/migrate-to-bitwarden.cjs - Export Atomic Notes to Bitwarden CSV