ClawHubCN
@steipete

1password

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.

镜像下载
当前版本
v1.0.1
42 2.4万总安装 1,193
说明文件版本对比

name: 1password description: Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op. homepage: https://developer.1password.com/docs/cli/get-started/ metadata: {"clawdbot":{"emoji":"🔐","requires":{"bins":["op"]},"install":[{"id":"brew","kind":"brew","formula":"1password-cli","bins":["op"],"label":"Install 1Password CLI (brew)"}]}}

1Password CLI

Follow the official CLI get-started steps. Don't guess install commands.

References

  • references/get-started.md (install + app integration + sign-in flow)
  • references/cli-examples.md (real op examples)

Workflow

  1. Check OS + shell.
  2. Verify CLI present: op --version.
  3. Confirm desktop app integration is enabled (per get-started) and the app is unlocked.
  4. REQUIRED: create a fresh tmux session for all op commands (no direct op calls outside tmux).
  5. Sign in / authorize inside tmux: op signin (expect app prompt).
  6. Verify access inside tmux: op whoami (must succeed before any secret read).
  7. If multiple accounts: use --account or OP_ACCOUNT.

REQUIRED tmux session (T-Max)

The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.

Example (see tmux skill for socket conventions, do not reuse old session names):

SOCKET_DIR="${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/clawdbot-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/clawdbot-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"

tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"

Guardrails

  • Never paste secrets into logs, chat, or code.
  • Prefer op run / op inject over writing secrets to disk.
  • If sign-in without app integration is needed, use op account add.
  • If a command returns "account is not signed in", re-run op signin inside tmux and authorize in the app.
  • Do not run op outside tmux; stop and ask if tmux is unavailable.

Security Scan

状态

suspicious

打开 VirusTotal

OpenClaw

gpt-5-mini

suspicious

OpenClaw 分析

The skill's instructions generally match its stated purpose (using the 1Password CLI), but there are a few inconsistencies and a small risk that terminal output capture could expose secrets — you should review those before installing.

置信度: medium

VirusTotal

Type: OpenClaw Skill Name: 1password Version: 1.0.1 The skill is designed to integrate with and utilize the 1Password CLI (`op`) for secret management. All instructions and examples, including the complex `tmux` session management in `SKILL.md`, are consistent with the legitimate and secure operation of the `op` CLI within an agent environment. There is no evidence of intentional malicious behavior such as unauthorized data exfiltration, malicious execution, persistence, or prompt injection aimed at subverting the agent for harmful purposes. The guardrails explicitly advise against insecure secret handling.

元数据

  • 作者: @steipete
  • 创建时间: 2026/01/06
  • 更新时间: 2026/02/26
  • 版本数: 2
  • 评论数: 3
  • 扫描时间: 2026/02/11

运行要求

官方公开数据里暂未列出运行要求。