ClawHubCN
@steipete

1password

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.

Mirror download
Current version
v1.0.1
42 2.4万All installs 1,193
READMEFilesVersionsCompare

name: 1password description: Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op. homepage: https://developer.1password.com/docs/cli/get-started/ metadata: {"clawdbot":{"emoji":"🔐","requires":{"bins":["op"]},"install":[{"id":"brew","kind":"brew","formula":"1password-cli","bins":["op"],"label":"Install 1Password CLI (brew)"}]}}

1Password CLI

Follow the official CLI get-started steps. Don't guess install commands.

References

  • references/get-started.md (install + app integration + sign-in flow)
  • references/cli-examples.md (real op examples)

Workflow

  1. Check OS + shell.
  2. Verify CLI present: op --version.
  3. Confirm desktop app integration is enabled (per get-started) and the app is unlocked.
  4. REQUIRED: create a fresh tmux session for all op commands (no direct op calls outside tmux).
  5. Sign in / authorize inside tmux: op signin (expect app prompt).
  6. Verify access inside tmux: op whoami (must succeed before any secret read).
  7. If multiple accounts: use --account or OP_ACCOUNT.

REQUIRED tmux session (T-Max)

The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.

Example (see tmux skill for socket conventions, do not reuse old session names):

SOCKET_DIR="${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/clawdbot-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/clawdbot-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"

tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"

Guardrails

  • Never paste secrets into logs, chat, or code.
  • Prefer op run / op inject over writing secrets to disk.
  • If sign-in without app integration is needed, use op account add.
  • If a command returns "account is not signed in", re-run op signin inside tmux and authorize in the app.
  • Do not run op outside tmux; stop and ask if tmux is unavailable.

Security Scan

Status

suspicious

Open VirusTotal

OpenClaw

gpt-5-mini

suspicious

OpenClaw analysis

The skill's instructions generally match its stated purpose (using the 1Password CLI), but there are a few inconsistencies and a small risk that terminal output capture could expose secrets — you should review those before installing.

Confidence: medium

VirusTotal

Type: OpenClaw Skill Name: 1password Version: 1.0.1 The skill is designed to integrate with and utilize the 1Password CLI (`op`) for secret management. All instructions and examples, including the complex `tmux` session management in `SKILL.md`, are consistent with the legitimate and secure operation of the `op` CLI within an agent environment. There is no evidence of intentional malicious behavior such as unauthorized data exfiltration, malicious execution, persistence, or prompt injection aimed at subverting the agent for harmful purposes. The guardrails explicitly advise against insecure secret handling.

Metadata

  • Owner: @steipete
  • Created: 2026/01/06
  • Updated: 2026/02/26
  • Versions: 2
  • Comments: 3
  • Scan checked at: 2026/02/11

Runtime

No runtime requirements are exposed in the official public payload.