ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

1password 1.0.1

v1.0.0

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/...

0· 513·21 current·23 all-time
by@daggerkun007

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for daggerkun007/1password-1-0-1.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "1password 1.0.1" (daggerkun007/1password-1-0-1) from ClawHub.
Skill page: https://clawhub.ai/daggerkun007/1password-1-0-1
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: op
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install daggerkun007/1password-1-0-1

ClawHub CLI

Package manager switcher

npx clawhub@latest install 1password-1-0-1
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match what is required: the skill installs/uses the 1Password CLI (op). Requiring the 'op' binary and offering a Homebrew install for the official 1password-cli formula is coherent and proportionate for this purpose.
Instruction Scope
Instructions are largely limited to installing, signing in, and verifying with op. They require running op inside a fresh tmux session and capture the tmux pane output. Capturing pane output may include sensitive output if commands emit secrets; the SKILL.md warns not to paste secrets but does not explicitly instruct filtering of captured output. The skill also references CLAWDBOT_TMUX_SOCKET_DIR (a convention) without declaring it in requires.env.
Install Mechanism
Install spec uses Homebrew formula '1password-cli' which is an expected, low-risk distribution mechanism for macOS/Linux; no downloads from untrusted URLs or arbitrary archives are used.
Credentials
The skill declares no required credentials or env vars, which fits a CLI helper. It references the CLAWDBOT_TMUX_SOCKET_DIR/TMPDIR variable to place tmux sockets — these are operational conventions rather than secret credentials, but they are not listed in requires.env.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent/always-on privileges or attempt to modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: help install and use the official 1Password CLI. Before installing, confirm you trust the Homebrew formula source and your environment's Homebrew configuration. Pay attention to the tmux workflow: the instructions capture tmux pane output (capture-pane), which can include sensitive text if a command prints secrets. If you run this in an automated agent or CI, ensure captured output is not transmitted to external logs or chat; prefer op run/op inject as recommended. Also note the skill references a CLAWDBOT_TMUX_SOCKET_DIR convention (and TMPDIR) — if you don't want socket files in /tmp, set CLAWDBOT_TMUX_SOCKET_DIR to a controlled directory. If any part of the tmux flow or captured output makes you uncomfortable, run the signin and verification interactively instead.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔐 Clawdis
Binsop

Install

Install 1Password CLI (brew)
Bins: op
brew install 1password-cli
latestvk974g38gjqxnb58az1rmm5wavd82axeh
513downloads
0stars
1versions
Updated 6h ago
v1.0.0
MIT-0
@daggerkun007
latest
Download

1Password CLI

Follow the official CLI get-started steps. Don't guess install commands.

References

  • references/get-started.md (install + app integration + sign-in flow)
  • references/cli-examples.md (real op examples)

Workflow

  1. Check OS + shell.
  2. Verify CLI present: op --version.
  3. Confirm desktop app integration is enabled (per get-started) and the app is unlocked.
  4. REQUIRED: create a fresh tmux session for all op commands (no direct op calls outside tmux).
  5. Sign in / authorize inside tmux: op signin (expect app prompt).
  6. Verify access inside tmux: op whoami (must succeed before any secret read).
  7. If multiple accounts: use --account or OP_ACCOUNT.

REQUIRED tmux session (T-Max)

The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.

Example (see tmux skill for socket conventions, do not reuse old session names):

SOCKET_DIR="${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/clawdbot-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/clawdbot-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"

tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"

Guardrails

  • Never paste secrets into logs, chat, or code.
  • Prefer op run / op inject over writing secrets to disk.
  • If sign-in without app integration is needed, use op account add.
  • If a command returns "account is not signed in", re-run op signin inside tmux and authorize in the app.
  • Do not run op outside tmux; stop and ask if tmux is unavailable.

Comments

Loading comments...