1Password Web UI

1Password UI tab for OpenClaw dashboard. Manage secrets, credential mappings, and auth state from the Control UI.

Audits

Suspicious

ClawScanSuspicious

Agentic behavior and permission review.

Static analysisReview

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install 1password-ui

1Password UI Extension

Adds a 1Password tab to the OpenClaw Control dashboard under the Tools group. Browse vaults, manage credential mappings for skills, and handle authentication — all from the web UI.

Features

Feature	Description
Dashboard Tab	"1Password" under Tools in sidebar
Connection Status	See signed-in account, CLI/Connect mode
Sign In Flow	Authenticate directly from the UI
Docker Support	Works with 1Password Connect for containers
Credential Mappings	Map 1Password items to skill configs

Agent Installation Prompt

To install this skill, give your agent this prompt:

Install the 1password-ui skill from ClawHub.

The skill is at: ~/clawd/skills/1password-ui/
Follow INSTALL_INSTRUCTIONS.md step by step.

Summary of changes needed:
1. Copy 1password-backend.ts to src/gateway/server-methods/1password.ts
2. Register handlers in server-methods.ts
3. Add "1password" tab to navigation.ts (TAB_GROUPS, Tab type, TAB_PATHS, icon, title, subtitle)
4. Add state variables to app.ts
5. Copy 1password-views.ts to ui/src/ui/views/1password.ts
6. Add view rendering to app-render.ts
7. Add tab loading to app-settings.ts
8. Build and restart: pnpm build && pnpm ui:build && clawdbot gateway restart

Prerequisites

For Local Installations (Ubuntu/Windows/macOS)

1Password CLI (op):

# macOS/Linux
brew install 1password-cli

# Or from https://1password.com/downloads/command-line/

CLI Integration enabled in 1Password app:
- Settings → Developer → "Integrate with 1Password CLI" ✓

For Docker Installations

See Docker Setup below.

Usage

Sign In

Open OpenClaw Dashboard → Tools → 1Password
Click Sign In with 1Password
Authorize in the 1Password app popup (or run op signin in terminal)
Status shows "Connected" with your account

Credential Mappings

Once signed in, you can map 1Password items to skills:

Skills like Pipedream can read credentials from 1Password
Mappings are stored in ~/clawd/config/1password-mappings.json
Format: { "skillId": { "item": "Item Name", "vault": "Private", "fields": {...} } }

Example: Pipedream with 1Password

# Store Pipedream credentials in 1Password
op item create --category="API Credential" --title="Pipedream Connect" \
  --vault="Private" \
  "client_id[text]=your_client_id" \
  "client_secret[password]=your_client_secret" \
  "project_id[text]=proj_xxxxx"

# Use in token refresh
PIPEDREAM_1PASSWORD_ITEM="Pipedream Connect" python3 ~/clawd/scripts/pipedream-token-refresh.py

Gateway RPC Methods

Method	Description
`1password.status`	Get CLI/Connect status, signed-in account
`1password.signin`	Trigger sign-in flow
`1password.signout`	Sign out of current session
`1password.vaults`	List available vaults
`1password.items`	List items in a vault
`1password.getItem`	Get item field structure (not values)
`1password.readSecret`	Read a secret (backend only)
`1password.mappings.list`	Get skill → 1Password mappings
`1password.mappings.set`	Create/update a mapping
`1password.mappings.delete`	Remove a mapping
`1password.mappings.test`	Test if a mapping works

Docker Setup (1Password Connect)

For Docker-based OpenClaw installations, use 1Password Connect instead of the CLI.

Step 1: Deploy 1Password Connect

# docker-compose.yml
services:
  op-connect-api:
    image: 1password/connect-api:latest
    ports:
      - "8080:8080"
    volumes:
      - ./1password-credentials.json:/home/opuser/.op/1password-credentials.json:ro
      - op-data:/home/opuser/.op/data

  op-connect-sync:
    image: 1password/connect-sync:latest
    volumes:
      - ./1password-credentials.json:/home/opuser/.op/1password-credentials.json:ro
      - op-data:/home/opuser/.op/data

volumes:
  op-data:

Step 2: Get Credentials

Go to my.1password.com → Integrations → Secrets Automation
Create a Connect server
Download 1password-credentials.json
Create an access token

Step 3: Configure OpenClaw

services:
  clawdbot:
    environment:
      - OP_CONNECT_HOST=http://op-connect-api:8080
      - OP_CONNECT_TOKEN=your-access-token

The UI automatically detects Connect mode.

Files Included

1password-ui/
├── SKILL.md                      # This file
├── INSTALL_INSTRUCTIONS.md       # Step-by-step installation
├── CHANGELOG.md                  # Version history
├── package.json                  # Skill metadata
├── reference/
│   ├── 1password-backend.ts      # Gateway RPC handlers
│   ├── 1password-views.ts        # UI view (Lit template)
│   ├── 1password-settings.ts     # Tab loading logic
│   └── 1password-plugin.ts       # Plugin registration (optional)
└── scripts/
    └── op-helper.py              # CLI/Connect bridge for skills

Security Considerations

✅ Safe by Design

Aspect	Implementation
Secrets not in UI	`getItem` and `items` return field names only, never values
No network installers	No `curl \| sh` or remote scripts — all code is local
Manual installation	Requires explicit code edits, no automated patching
Mapping file perms	`1password-mappings.json` should be 0600 (contains references, not secrets)
CLI auth	Uses 1Password app integration for biometric auth when available

⚠️ Documented Risks

Risk	Mitigation
`readSecret` RPC available	The `1password.readSecret` method IS exposed via gateway RPC. This is intentional — skills need to read secrets. Security relies on: (1) 1Password requiring user auth, (2) gateway access control (loopback-only by default).
Gateway exposure	All `1password.*` methods are RPC calls. If you expose your gateway to the network, protect it with authentication.
Connect token	In Docker mode, `OP_CONNECT_TOKEN` grants vault access. Keep it secure like any API key.

File Security

# Recommended permissions for mapping file
chmod 600 ~/clawd/config/1password-mappings.json

Troubleshooting

"1Password CLI Not Found"

brew install 1password-cli
# or download from 1password.com/downloads/command-line/

"Not signed in"

op signin
op whoami  # verify

Sign-in fails / "authorization denied"

Unlock the 1Password app
Enable CLI integration: Settings → Developer → "Integrate with 1Password CLI"

Docker: "connection refused"

docker ps | grep op-connect  # check containers running

Docker: "401 unauthorized"

Verify OP_CONNECT_TOKEN is set correctly
Check token hasn't expired

Support

ClawHub: clawhub.ai/skills/1password-ui
1Password CLI: developer.1password.com/docs/cli
1Password Connect: developer.1password.com/docs/connect
OpenClaw Discord: discord.com/invite/clawd

Changelog

v1.1.0 (2025-02-11)

Full working implementation with dashboard UI
Sign-in flow from web interface
CLI and Connect mode support
Credential mapping system

v1.0.0 (2025-02-11)

Initial release with reference implementations