test-skill22131
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This 1Password helper is coherent and includes safety advice, but it can give an agent broad password-vault access without explicit per-secret scoping or confirmation.
Install only if you want the agent to help with 1Password CLI tasks. Before signing in, specify the exact account, vault, item, and field needed; do not let the agent print secret values; confirm any command that reads or injects secrets; and make sure the tmux session is killed when finished.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If authorized, the agent could access or inject secrets from the user’s 1Password account beyond what the user intended for a particular task.
This explicitly grants the agent a workflow for accessing and using password-manager secrets, but the instructions do not bound access to a specific vault, item, field, or per-secret user approval step.
description: Set up and use 1Password CLI (op). Use when ... reading/injecting/running secrets via op.
Use only for explicit, user-requested secret operations. Add or follow a rule requiring the user to specify the exact account, vault, item, and field, and confirm before any secret read or injection.

Incorrect commands or captured terminal output could expose account metadata or, if guardrails are ignored, secret values.
The skill drives the 1Password CLI through a tmux shell session and captures output. This is disclosed and purpose-aligned, but it is powerful enough that commands and captured output should stay tightly controlled.
REQUIRED: create a fresh tmux session for all `op` commands ... `tmux ... send-keys ... "op signin --account my.1password.com" ... capture-pane`
Run only the minimum needed `op` commands, avoid capturing secret values, and kill the tmux session after the task.

The local tool being installed will be trusted to handle 1Password authentication and secrets.
The skill depends on installing an external CLI via Homebrew. This is expected for the stated purpose and no hidden code is present, but users still rely on the package source.
brew | formula: 1password-cli | creates binaries: op
Install from the official 1Password/Homebrew channel and verify the CLI source before authorizing account access.

If secret values are pasted into the conversation, logs, code, or files, they may be retained or reused outside the intended secret operation.
The skill acknowledges that secret values may otherwise enter chat, logs, code, or disk. The guidance is appropriate, but users must ensure it is followed.
Never paste secrets into logs, chat, or code. Prefer `op run` / `op inject` over writing secrets to disk.
Keep secret values out of chat and generated files; prefer `op run` or `op inject`, and redact any command output that might contain secrets.
