ClawHub

1password

v1.0.0

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/...

0· 397·0 current·0 all-time
byMiguel Guerra@miguelguerra200022-sudo·duplicate of @mohdalhashemi98-hue/mh-1password

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for miguelguerra200022-sudo/1password-zito.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "1password" (miguelguerra200022-sudo/1password-zito) from ClawHub.
Skill page: https://clawhub.ai/miguelguerra200022-sudo/1password-zito
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: op
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install miguelguerra200022-sudo/1password-zito

ClawHub CLI

Package manager switcher

npx clawhub@latest install 1password-zito
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match requirements: the skill requires the op binary and offers a brew install for the official 1password-cli formula. Nothing requested (binaries, install) is inconsistent with setting up or using the 1Password CLI.
Instruction Scope
SKILL.md is instruction-only and confines actions to installing, signing in, and running op commands. The notable constraint is a REQUIRED fresh tmux session for all op commands and use of a temporary socket; this is restrictive but explainable (TTY/auth integration). The instructions do not request or transmit secrets to any external endpoints beyond 1Password itself.
Install Mechanism
Install uses a Homebrew formula (1password-cli) to create the op binary. This is a standard, low-risk install mechanism for macOS/Linux and proportionate to the skill's purpose.
Credentials
The skill declares no required env vars, but the instructions reference OP_ACCOUNT and several socket-related env vars (OPENCLAW_TMUX_SOCKET_DIR, CLAWDBOT_TMUX_SOCKET_DIR, TMPDIR). These are reasonable for runtime behavior but are not declared in metadata; they don't appear to request secrets, but the mismatch should be noted.
Persistence & Privilege
Skill is not always-enabled and is user-invocable. It does not request persistent privileges, modify other skills, or claim system-wide configuration changes.
Assessment
This skill appears to do what it says: install and run the 1Password CLI. Before installing, confirm you trust the Homebrew formula source (Homebrew core/tap) and that '1password-cli' is the official package for your OS. Be aware the skill enforces running all op commands inside a fresh tmux session and references socket-related environment variables (OPENCLAW_TMUX_SOCKET_DIR / CLAWDBOT_TMUX_SOCKET_DIR / TMPDIR) and OP_ACCOUNT; verify those values on your system so sockets aren't placed in shared or unexpected locations. The skill does not request extra credentials itself, but using the op CLI will access your 1Password vaults — only authorize the desktop app and accounts you trust, and avoid pasting secrets into logs or chat as the guardrails say.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔐 Clawdis
Binsop

Install

Install 1Password CLI (brew)
Bins: op
brew install 1password-cli
latestvk971jabga11ce448tq3xtf819h821zjp
397downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Miguel Guerra@miguelguerra200022-sudo
latest
Download

1Password CLI

Follow the official CLI get-started steps. Don't guess install commands.

References

  • references/get-started.md (install + app integration + sign-in flow)
  • references/cli-examples.md (real op examples)

Workflow

  1. Check OS + shell.
  2. Verify CLI present: op --version.
  3. Confirm desktop app integration is enabled (per get-started) and the app is unlocked.
  4. REQUIRED: create a fresh tmux session for all op commands (no direct op calls outside tmux).
  5. Sign in / authorize inside tmux: op signin (expect app prompt).
  6. Verify access inside tmux: op whoami (must succeed before any secret read).
  7. If multiple accounts: use --account or OP_ACCOUNT.

REQUIRED tmux session (T-Max)

The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.

Example (see tmux skill for socket conventions, do not reuse old session names):

SOCKET_DIR="${OPENCLAW_TMUX_SOCKET_DIR:-${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/openclaw-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"

tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"

Guardrails

  • Never paste secrets into logs, chat, or code.
  • Prefer op run / op inject over writing secrets to disk.
  • If sign-in without app integration is needed, use op account add.
  • If a command returns "account is not signed in", re-run op signin inside tmux and authorize in the app.
  • Do not run op outside tmux; stop and ask if tmux is unavailable.

Comments

Loading comments...