proton-pass
Manage Proton Pass vaults, items (logins, SSH keys, aliases, notes), passwords, SSH agent integration, and secret injection into applications. Use when working with Proton Pass for password management, SSH key storage, secret injection (run commands with secrets, inject into templates), environment variable injection, or generating secure passwords. Supports vault/item CRUD, sharing, member management, SSH agent operations, TOTP generation, secret references (pass://vault/item/field), template injection, and command execution with secrets.
Install
mkdir -p .claude/skills/proton-pass && curl -L -o skill.zip "https://mcp.directory/api/skills/download/7687" && unzip -o skill.zip -d .claude/skills/proton-pass && rm skill.zipInstalls to .claude/skills/proton-pass
About this skill
Proton Pass CLI
Comprehensive password and secret management via the Proton Pass CLI. Manage vaults, items, SSH keys, share credentials, inject secrets, and integrate with SSH workflows.
Installation
Quick install
macOS/Linux:
curl -fsSL https://proton.me/download/pass-cli/install.sh | bash
Windows:
Invoke-WebRequest -Uri https://proton.me/download/pass-cli/install.ps1 -OutFile install.ps1; .\install.ps1
Homebrew (macOS)
brew install protonpass/tap/pass-cli
Note: Package manager installations (Homebrew, etc.) do not support pass-cli update command or track switching.
Verify installation
pass-cli --version
Authentication
Web login (recommended)
Default authentication method supporting all login flows (SSO, U2F):
pass-cli login
# Open the URL displayed in your browser and complete authentication
Interactive login
Terminal-based authentication (supports password + TOTP, but not SSO or U2F):
pass-cli login --interactive user@proton.me
Environment variables for automation
# Credentials as plain text (less secure)
export PROTON_PASS_PASSWORD='your-password'
export PROTON_PASS_TOTP='123456'
export PROTON_PASS_EXTRA_PASSWORD='your-extra-password'
# Or from files (more secure)
export PROTON_PASS_PASSWORD_FILE='/secure/password.txt'
export PROTON_PASS_TOTP_FILE='/secure/totp.txt'
export PROTON_PASS_EXTRA_PASSWORD_FILE='/secure/extra-password.txt'
pass-cli login --interactive user@proton.me
Verify session
pass-cli info # Show session info
pass-cli test # Test connection
Logout
pass-cli logout # Normal logout
pass-cli logout --force # Force local cleanup if remote fails
Vault Management
List vaults
pass-cli vault list
pass-cli vault list --output json
Create vault
pass-cli vault create --name "Vault Name"
Update vault
# By share ID
pass-cli vault update --share-id "abc123def" --name "New Name"
# By name
pass-cli vault update --vault-name "Old Name" --name "New Name"
Delete vault
⚠️ Warning: Permanently deletes vault and all items.
# By share ID
pass-cli vault delete --share-id "abc123def"
# By name
pass-cli vault delete --vault-name "Old Vault"
Share vault
# Share with viewer access (default)
pass-cli vault share --share-id "abc123def" colleague@company.com
# Share with specific role
pass-cli vault share --vault-name "Team Vault" colleague@company.com --role editor
# Roles: viewer, editor, manager
Manage vault members
# List members
pass-cli vault member list --share-id "abc123def"
pass-cli vault member list --vault-name "Team Vault" --output json
# Update member role
pass-cli vault member update --share-id "abc123def" --member-share-id "member123" --role editor
# Remove member
pass-cli vault member remove --share-id "abc123def" --member-share-id "member123"
Transfer vault ownership
pass-cli vault transfer --share-id "abc123def" "member_share_id_xyz"
pass-cli vault transfer --vault-name "My Vault" "member_share_id_xyz"
Item Management
List items
# List from specific vault
pass-cli item list "Vault Name"
pass-cli item list --share-id "abc123def"
# List with default vault (if configured)
pass-cli item list
View item
# By IDs
pass-cli item view --share-id "abc123def" --item-id "item456"
# By names
pass-cli item view --vault-name "MyVault" --item-title "MyItem"
# Using Pass URI
pass-cli item view "pass://abc123def/item456"
pass-cli item view "pass://MyVault/MyItem"
# View specific field
pass-cli item view "pass://abc123def/item456/password"
pass-cli item view --share-id "abc123def" --item-id "item456" --field "username"
# Output format
pass-cli item view --share-id "abc123def" --item-id "item456" --output json
Create login item
# Basic login
pass-cli item create login \
--share-id "abc123def" \
--title "GitHub Account" \
--username "myuser" \
--password "mypassword" \
--url "https://github.com"
# With vault name
pass-cli item create login \
--vault-name "Personal" \
--title "Account" \
--username "user" \
--email "user@example.com" \
--url "https://example.com"
# With generated password
pass-cli item create login \
--share-id "abc123def" \
--title "New Account" \
--username "myuser" \
--generate-password \
--url "https://example.com"
# Custom password generation: "length,uppercase,symbols"
pass-cli item create login \
--vault-name "Work" \
--title "Secure Account" \
--username "myuser" \
--generate-password="20,true,true" \
--url "https://example.com"
# Generate passphrase
pass-cli item create login \
--share-id "abc123def" \
--title "Account" \
--username "user" \
--generate-passphrase="5" \
--url "https://example.com"
Login template
# Get template structure
pass-cli item create login --get-template > template.json
# Create from template
pass-cli item create login --from-template template.json --share-id "abc123def"
# Create from stdin
echo '{"title":"Test","username":"user","password":"pass","urls":["https://test.com"]}' | \
pass-cli item create login --share-id "abc123def" --from-template -
Template format:
{
"title": "Item Title",
"username": "optional_username",
"email": "optional_email@example.com",
"password": "optional_password",
"urls": ["https://example.com", "https://app.example.com"]
}
Create SSH key items
Generate new SSH key
# Generate Ed25519 key (recommended)
pass-cli item create ssh-key generate \
--share-id "abc123def" \
--title "GitHub Deploy Key"
# Using vault name
pass-cli item create ssh-key generate \
--vault-name "Development Keys" \
--title "GitHub Deploy Key"
# Generate RSA 4096 key with comment
pass-cli item create ssh-key generate \
--share-id "abc123def" \
--title "Production Server" \
--key-type rsa4096 \
--comment "prod-server-deploy"
# Key types: ed25519 (default), rsa2048, rsa4096
# With passphrase protection
pass-cli item create ssh-key generate \
--share-id "abc123def" \
--title "Secure Key" \
--password
# Passphrase from environment
PROTON_PASS_SSH_KEY_PASSWORD="my-passphrase" \
pass-cli item create ssh-key generate \
--share-id "abc123def" \
--title "Automated Key" \
--password
Import existing SSH key
# Import unencrypted key
pass-cli item create ssh-key import \
--from-private-key ~/.ssh/id_ed25519 \
--share-id "abc123def" \
--title "My SSH Key"
# Import with vault name
pass-cli item create ssh-key import \
--from-private-key ~/.ssh/id_rsa \
--vault-name "Personal Keys" \
--title "Old RSA Key"
# Import passphrase-protected key (will prompt)
pass-cli item create ssh-key import \
--from-private-key ~/.ssh/id_ed25519 \
--share-id "abc123def" \
--title "Protected Key" \
--password
# Passphrase from environment
PROTON_PASS_SSH_KEY_PASSWORD="my-key-passphrase" \
pass-cli item create ssh-key import \
--from-private-key ~/.ssh/id_ed25519 \
--share-id "abc123def" \
--title "Automated Import" \
--password
Recommendation: For importing passphrase-protected keys, consider removing the passphrase first since keys will be encrypted in your vault:
# Create unencrypted copy
cp ~/.ssh/id_ed25519 /tmp/id_ed25519_temp
ssh-keygen -p -f /tmp/id_ed25519_temp -N ""
# Import
pass-cli item create ssh-key import \
--from-private-key /tmp/id_ed25519_temp \
--share-id "abc123def" \
--title "My SSH Key"
# Securely delete temp copy
shred -u /tmp/id_ed25519_temp # Linux
rm -P /tmp/id_ed25519_temp # macOS
Create email alias
# Create alias
pass-cli item alias create --share-id "abc123def" --prefix "newsletter"
pass-cli item alias create --vault-name "Personal" --prefix "shopping"
# With JSON output
pass-cli item alias create --vault-name "Personal" --prefix "temp" --output json
Update item
# Update single field
pass-cli item update \
--share-id "abc123def" \
--item-id "item456" \
--field "password=newpassword123"
# By vault name and item title
pass-cli item update \
--vault-name "Personal" \
--item-title "GitHub Account" \
--field "password=newpassword123"
# Update multiple fields
pass-cli item update \
--share-id "abc123def" \
--item-id "item456" \
--field "username=newusername" \
--field "password=newpassword" \
--field "email=newemail@example.com"
# Rename item
pass-cli item update \
--vault-name "Work" \
--item-title "Old Title" \
--field "title=New Title"
# Create/update custom fields
pass-cli item update \
--share-id "abc123def" \
--item-id "item456" \
--field "api_key=sk_live_abc123" \
--field "environment=production"
Note: Item update does not support TOTP or time fields. Use another Proton Pass client for those.
Delete item
⚠️ Warning: Permanent deletion.
pass-cli item delete --share-id "abc123def" --item-id "item456"
Share item
# Share with viewer access (default)
pass-cli item share --share-id "abc123def" --item-id "item456" colleague@company.com
# Share with editor access
pass-cli item share --share-id "abc123def" --item-id "item456" colleague@company.com --role editor
Generate TOTP codes
# Generate all TOTPs for an item
pass-cli item totp "pass://TOTP vault/WithTOTPs"
# Specific TOTP field
pass-cli item totp "pass://TOTP vault/WithTOTPs/TOTP 1"
# JSON output
pass-cli item totp "pass://TOTP vault/WithTOTPs" --output json
# Extract specific value
pass-cli item totp "pass://TOTP vault/WithTOTPs/TOTP 1" --output json | jq -r '.["TOTP 1"]'
Password Generation & Analysis
Generate passwords
# Random password (default settings)
pass-cli password generate random
# Custom random password
pass-cli password gener
---
*Content truncated.*
More by openclaw
View all skills by openclaw →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
fastapi-templates
wshobson
Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.
Related MCP Servers
Browse all servers
Azure DevOpsBoost your productivity by managing Azure DevOps projects, pipelines, and repos in VS Code. Streamline dev workflows wit
Obsidian VaultInteract with your Obsidian vault for powerful note taking, file operations, and metadata management using the Obsidian
Dart Project ManagementEffortlessly manage tasks and documents with Dart Project Management. Streamline your workflow by creating, updating, an
MiroIntegrate with Miro's online whiteboard for seamless collaboration. Manage boards, create items, and use 80+ tools for v
Authenticator AppSecurely access two-factor authentication codes and passwords with this advanced password manager for seamless login ass
Obsidian SemanticObsidian Semantic delivers smart Obsidian vault management with intelligent file access, editing, and adaptive indexing
Stay ahead of the MCP ecosystem
Get weekly updates on new skills and servers.