1password

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill is clearly for 1Password CLI use, but it gives the agent broad password-vault access and includes examples that can print or write secrets without strong per-secret scoping.

Install only if you intentionally want the agent to operate 1Password CLI. Before each use, require explicit review of the exact account, vault/item reference, and command; avoid printing secrets; avoid writing keys/passwords to disk unless necessary; and ensure any tmux session is killed after use.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

After the user unlocks or authorizes 1Password, the agent could access secrets available to that account through the CLI.

Why it was flagged

The skill authorizes use of a signed-in 1Password account and password vault. The artifacts do not clearly require a specific user-approved vault/item or per-secret confirmation before reads/runs.

Skill content

description: Set up and use 1Password CLI (op). Use when ... signing in ... or reading/injecting/running secrets via op.

Recommendation

Use this only for explicit 1Password tasks. Require the agent to show the exact op:// reference, account, vault, and command before each secret access, and keep 1Password locked when not needed.

What this means

Passwords or private keys could be exposed in the transcript, terminal scrollback, logs, or local files.

Why it was flagged

These examples show a secret printed unmasked to terminal output and a private key written to disk. In an agent workflow, terminal output or generated files can be copied into logs, chat, or context if not tightly controlled.

Skill content

`op run --no-masking -- printenv DB_PASSWORD`
`op read --out-file ./key.pem op://app-prod/server/ssh/key.pem`

Recommendation

Avoid `--no-masking` and commands that print secrets. Write secret files only when explicitly requested, use restrictive permissions, and delete them when no longer needed.

What this means

Secret-related output may remain in a background terminal session until the session is killed.

Why it was flagged

The skill uses a detached tmux session to keep 1Password CLI authentication working. The example does kill the session, but while active it can retain command output and history.

Skill content

tmux -S "$SOCKET" new -d -s "$SESSION" -n shell ... tmux -S "$SOCKET" capture-pane ... tmux -S "$SOCKET" kill-session -t "$SESSION"

Recommendation

Use a fresh tmux session only for the needed task, capture only non-secret output, and kill the session immediately afterward.