nova root
Skill that integrates bws (Bitwarden Secrets Manager CLI) with Hermes Agent. Lets the
agent read, list, and inject secrets via bws run β no plaintext passwords in configs.
What it does:
- bws run to inject secrets as env vars into any command
- Secret listing, single secret retrieval, dotenv export
- Dependency frontmatter with tools, env, verify blocks β so skill-graph-test can verify
the whole chain automatically - Guardrails: never prints raw secrets unless explicitly asked, prefers bws run over
writing to disk
Why it's useful as a building block: Any skill that needs credentials can depend on
bitwarden instead of hardcoding secrets. For example, my email-himalaya skill declares
skills: [bitwarden] in its frontmatter and gets IMAP passwords from BWS at runtime. Same
pattern works for database credentials, API keys, deploy tokens β anything.
