ClawHub

test-skill22131

v1.0.0

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/...

0· 323·1 current·1 all-time
by@littlecrabzzz-alt

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for littlecrabzzz-alt/test-skill2123.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "test-skill22131" (littlecrabzzz-alt/test-skill2123) from ClawHub.
Skill page: https://clawhub.ai/littlecrabzzz-alt/test-skill2123
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: op
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install littlecrabzzz-alt/test-skill2123

ClawHub CLI

Package manager switcher

npx clawhub@latest install test-skill2123
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, required binary (op), and the brew install formula (1password-cli) are consistent with a skill whose job is to help install and use the 1Password CLI.
!
Instruction Scope
The SKILL.md mandates running every op command inside a freshly-created tmux session and explicitly captures the tmux pane (capture-pane) then kills the session. Capturing terminal output can include secrets (or one-time codes) and the instructions do not require redaction or otherwise limit what is captured or how the captured output is handled/transmitted. The instructions also reference socket-directory env vars (OPENCLAW_TMUX_SOCKET_DIR, CLAWDBOT_TMUX_SOCKET_DIR) that are not declared in the skill metadata. Overall the instructions perform actions that could expose sensitive data unless callers strictly follow additional safeguards not specified here.
Install Mechanism
Install spec uses Homebrew formula '1password-cli' which is an expected, low-risk installation path for this purpose. No arbitrary downloads or archive extraction are present.
Credentials
The skill declares no required credentials or env vars (appropriate for a local CLI helper). However, it references OPENCLAW_TMUX_SOCKET_DIR and CLAWDBOT_TMUX_SOCKET_DIR in example commands; these are not declared in requires.env. There is no request for unrelated credentials, which is good.
Persistence & Privilege
The skill is not force-included (always: false) and does not request elevated or persistent platform privileges. Autonomous invocation is allowed by platform default but not combined with other high-risk flags.
What to consider before installing
This skill appears to be a legitimate 1Password CLI helper and installs via Homebrew as expected. The main risk is operational: the instructions require creating a tmux session and capturing the terminal pane, which can include sensitive output. Before installing, confirm you (or the agent) will: 1) never transmit captured pane output to logs or external services, 2) implement redaction or strict filtering of captured output, and 3) review/declare any socket-related env vars (OPENCLAW_TMUX_SOCKET_DIR / CLAWDBOT_TMUX_SOCKET_DIR) used in your environment. If you want stronger guarantees, ask the skill author to remove automatic capture-pane usage or to add explicit redaction and handling rules in SKILL.md. If these safeguards cannot be enforced, treat outputs from this skill as high-sensitivity data and restrict its use.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔐 Clawdis
Binsop

Install

Install 1Password CLI (brew)
Bins: op
brew install 1password-cli
latestvk97aa0hgxpscvcs066304rrxp1822p6g
323downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@littlecrabzzz-alt
latest
Download

1Password CLI

Follow the official CLI get-started steps. Don't guess install commands.

References

  • references/get-started.md (install + app integration + sign-in flow)
  • references/cli-examples.md (real op examples)

Workflow

  1. Check OS + shell.
  2. Verify CLI present: op --version.
  3. Confirm desktop app integration is enabled (per get-started) and the app is unlocked.
  4. REQUIRED: create a fresh tmux session for all op commands (no direct op calls outside tmux).
  5. Sign in / authorize inside tmux: op signin (expect app prompt).
  6. Verify access inside tmux: op whoami (must succeed before any secret read).
  7. If multiple accounts: use --account or OP_ACCOUNT.

REQUIRED tmux session (T-Max)

The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.

Example (see tmux skill for socket conventions, do not reuse old session names):

SOCKET_DIR="${OPENCLAW_TMUX_SOCKET_DIR:-${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/openclaw-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"

tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"

Guardrails

  • Never paste secrets into logs, chat, or code.
  • Prefer op run / op inject over writing secrets to disk.
  • If sign-in without app integration is needed, use op account add.
  • If a command returns "account is not signed in", re-run op signin inside tmux and authorize in the app.
  • Do not run op outside tmux; stop and ask if tmux is unavailable.

Comments

Loading comments...