Skill v1.0.1
ClawScan security
Lap 1password Connect · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 23, 2026, 8:40 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated purpose (1Password Connect access) and only requests a single, appropriate API key; no installs or unrelated privileges are requested.
- Guidance: This skill appears to do what it says: talk to a local 1Password Connect server using the provided 1PASSWORD_CONNECT_API_KEY. Before installing, confirm the following:
  1. The base URL (http://localhost:8080/v1) points to the Connect server you intend to use; if you plan to use a remote host, understand the network implications.
  2. The API key you provide has the minimal required scope and is treated as a secret (rotate/revoke if exposed).
  3. If you do not want the agent to call the API autonomously, disable autonomous invocation for this skill or provide a scoped key that limits what the agent can do.
  4. Avoid running the optional npx commands unless you trust that they will fetch the official spec (they perform a network fetch and require npm).

  Overall there are no unexpected env vars, installs, or filesystem accesses in the skill.
Review Dimensions
- Purpose & Capability (ok): Name/description, declared env var (1PASSWORD_CONNECT_API_KEY), and the listed endpoints (vaults, activity, heartbeat, health, metrics) align with a 1Password Connect integration. There are no unrelated binaries, configs, or credentials requested.
- Instruction Scope (note): The SKILL.md instructs the agent to call local 1Password Connect endpoints (base URL http://localhost:8080/v1) and to use a Bearer token from 1PASSWORD_CONNECT_API_KEY, which is appropriate for the stated purpose. The doc also suggests running npx @lap-platform/lapsh to fetch references/api-spec.lap (a CLI/network operation); that is optional documentation tooling and not required for API use, and if executed it will perform a network fetch and requires npm. The skill's runtime instructions do not ask the agent to read arbitrary local files or exfiltrate data to third-party endpoints.
- Install Mechanism (ok): No install spec or code is included (instruction-only), so nothing will be downloaded or written to disk by the skill itself.
- Credentials (note): Only a single env var (1PASSWORD_CONNECT_API_KEY) is required, which is proportional to a Connect API skill. However, that API key grants access to vaults and items according to its privileges; treat it as highly sensitive and prefer least-privilege keys and scoped service accounts.
- Persistence & Privilege (ok): `always` is false and there is no install or persistent modification of agent/system state. The skill can be invoked autonomously by the agent (`disable-model-invocation` is false), which is the platform default; this is expected behavior but worth noting because an autonomous agent could call the 1Password API using the provided key.
