1Password Service Account

Pass. Audited by ClawScan on May 10, 2026.

Overview

The visible skill is a coherent 1Password CLI helper for handling real secrets, so it appears benign but should be used only with least-privilege tokens and trusted commands.

Install only if you intend the agent to use 1Password secrets. Before use, create a narrowly scoped service-account token, verify every `.env.tpl` reference, run only trusted commands under `op run`, and never allow secret values to appear in chat, logs, or tool output.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the service-account token is too broad, the agent could access more 1Password secrets than intended.

Why it was flagged

The skill relies on a 1Password service-account token to access and inject secrets. This is central to the stated purpose and the instructions recommend secure storage and cleanup, but the token can access whatever vaults/items it is granted.

Skill content

OP_SERVICE_ACCOUNT_TOKEN="$(__REPLACE_WITH_SECURE_STORE_COMMAND__)" ... op run --env-file=.env.tpl -- <command>

Recommendation

Use a dedicated least-privilege 1Password service account, restrict it to only required vaults/items, and rotate or revoke the token if exposed.

What this means

A malicious or mistaken command run under `op run` could leak or misuse injected secrets.

Why it was flagged

`op run` intentionally injects resolved secrets into a command's environment. This is expected for the skill, but the command receiving those secrets must be trusted.

Skill content

OP_SERVICE_ACCOUNT_TOKEN="$OP_SERVICE_ACCOUNT_TOKEN" \
  op run --env-file=.env.tpl -- ./api-call.sh

Recommendation

Review the target command and `.env.tpl` before running, avoid untrusted scripts, and keep the documented masking and no-logging safeguards enabled.