Back to skill
Skillv1.0.0
ClawScan security
1password · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 28, 2026, 10:49 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is coherent with its stated purpose (installing/using the 1Password CLI), uses a standard Homebrew formula to install op, and its runtime instructions are consistent with expected 1Password workflows — the main unusual requirement is an enforced fresh tmux session and a few referenced env vars not declared in metadata.
- Guidance
- This skill appears to do what it says: install and run the 1Password CLI. Before installing, confirm you trust the Homebrew formula source (Homebrew core/tap) and that '1password-cli' is the official package for your OS. Be aware the skill enforces running all op commands inside a fresh tmux session and references socket-related environment variables (OPENCLAW_TMUX_SOCKET_DIR / CLAWDBOT_TMUX_SOCKET_DIR / TMPDIR) and OP_ACCOUNT; verify those values on your system so sockets aren't placed in shared or unexpected locations. The skill does not request extra credentials itself, but using the op CLI will access your 1Password vaults — only authorize the desktop app and accounts you trust, and avoid pasting secrets into logs or chat as the guardrails say.
Review Dimensions
- Purpose & Capability
- okName/description match requirements: the skill requires the op binary and offers a brew install for the official 1password-cli formula. Nothing requested (binaries, install) is inconsistent with setting up or using the 1Password CLI.
- Instruction Scope
- noteSKILL.md is instruction-only and confines actions to installing, signing in, and running op commands. The notable constraint is a REQUIRED fresh tmux session for all op commands and use of a temporary socket; this is restrictive but explainable (TTY/auth integration). The instructions do not request or transmit secrets to any external endpoints beyond 1Password itself.
- Install Mechanism
- okInstall uses a Homebrew formula (1password-cli) to create the op binary. This is a standard, low-risk install mechanism for macOS/Linux and proportionate to the skill's purpose.
- Credentials
- noteThe skill declares no required env vars, but the instructions reference OP_ACCOUNT and several socket-related env vars (OPENCLAW_TMUX_SOCKET_DIR, CLAWDBOT_TMUX_SOCKET_DIR, TMPDIR). These are reasonable for runtime behavior but are not declared in metadata; they don't appear to request secrets, but the mismatch should be noted.
- Persistence & Privilege
- okSkill is not always-enabled and is user-invocable. It does not request persistent privileges, modify other skills, or claim system-wide configuration changes.