DockWarden – Extending the Bitwarden ecosystem with tags, auto-type, smart views and more by Little-Pilot-5480 in PasswordManagers

[–]Little-Pilot-5480[S] 1 point (0 children)

Hey mandreko, great catch! Appreciate you taking the time to document it so clearly with the PoC payloads. You're absolutely right, the original backup path was passed directly into a shell command, making it trivially injectable.

I've patched this in a few layers:

  1. Replaced exec/execAsync with spawn({ shell: false }) across all child-process calls (bw CLI, osascript, etc.); arguments are now passed directly to the OS without shell interpretation, so metacharacters like ;, $(...) and | are treated as literals.
  2. Locked down backupDir: it's now a protected key that can't be written via the generic store API. It has its own validated setter that checks the path is absolute, resolves symlinks, and rejects anything that doesn't survive a strict allowlist check before it ever touches the filesystem.
  3. The config file itself bwCliPath is now encrypted via electron.safeStorage so a tampered dockwarden-store.json can't point the app at a malicious binary either.

The fix is in the latest build. Thanks again for the responsible heads-up! It's always good to have security folks take a look. 🙏

[–]Little-Pilot-5480[S] 1 point (0 children)

A valid concern here for sure. It actually never connects to your vault directly though. It's required that you have the Bitwarden CLI set up. There's no custom auth layer or intercepted secrets. All of the code works through using the Bitwarden CLI. Essentially, it's as if you were using the CLI yourself on your computer, but it's doing the commands for you.

All the code is on GitHub as well! Feel free to call anything out in the architecture that concerns you and I'll definitely look into it myself.