ClawHub

MH 1password

v1.0.0

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/...

0· 503·0 current·0 all-time
by@mohdalhashemi98-hue

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mohdalhashemi98-hue/mh-1password.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "MH 1password" (mohdalhashemi98-hue/mh-1password) from ClawHub.
Skill page: https://clawhub.ai/mohdalhashemi98-hue/mh-1password
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: op
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install mohdalhashemi98-hue/mh-1password

ClawHub CLI

Package manager switcher

npx clawhub@latest install mh-1password
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description, required binary 'op', and the brew install of 1password-cli are coherent with the stated purpose. However the SKILL.md mandates tmux usage (fresh tmux sessions and socket management) while 'tmux' is not listed as a required binary or declared dependency — this mismatch is unexpected and reduces coherence.
!
Instruction Scope
Instructions require creating a dedicated tmux socket/session, running interactive sign-in inside tmux, and using tmux capture-pane to read the session contents. The SKILL.md references OPENCLAW_TMUX_SOCKET_DIR and CLAWDBOT_TMUX_SOCKET_DIR environment variables and a separate 'tmux' skill convention — none of these env vars or the tmux dependency are declared. capture-pane can capture sensitive output; the doc doesn't explicitly say what to do with the captured text or how the agent will handle it.
Install Mechanism
Install spec uses a Homebrew formula ('1password-cli') which is an expected and low-risk mechanism for macOS/Linux users. The install creates the 'op' binary as expected.
Credentials
The skill declares no required environment variables or credentials (which fits a CLI onboarding helper). However the runtime instructions reference OPENCLAW_TMUX_SOCKET_DIR and CLAWDBOT_TMUX_SOCKET_DIR (and fall back to TMPDIR) without declaring them. This is a mismatch to surface; the skill also requires access to the filesystem socket path to create tmux sockets.
Persistence & Privilege
always:false and default autonomous invocation are normal. The skill does not request to modify other skills or system-wide settings. It asks to create temporary tmux sockets/sessions but does not request persistent installation or elevated privileges.
What to consider before installing
This skill appears to be an instruction-only helper for the official 1Password CLI and installs via Homebrew — that part is fine. Before installing, consider: 1) The instructions require tmux (creating sockets and capture-pane) but tmux is not declared as a required binary; ensure your environment has tmux and confirm the agent will actually have permission to create/clean up sockets in the chosen directory. 2) The SKILL.md references OPENCLAW_TMUX_SOCKET_DIR and CLAWDBOT_TMUX_SOCKET_DIR env vars that are not declared — verify what values will be used and that you trust the directory chosen (it may be under /tmp). 3) capture-pane reads terminal output (which can include secrets); ask how the agent/runtime will handle or persist that captured text and ensure it will not be uploaded to logs or external endpoints. 4) Confirm you have a 1Password subscription and the desktop app integration steps the doc references. If you want to proceed, request the skill author add tmux to required binaries, explicitly document how captured pane contents are handled (never sent to external services or logs), and declare any env vars it expects. If the author cannot clarify, treat the mismatch as a risk and avoid using the skill for highly sensitive sign-ins.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔐 Clawdis
Binsop

Install

Install 1Password CLI (brew)
Bins: op
brew install 1password-cli
latestvk970zyqjw9qx3xg2czrh0f5xxn81sdzx
503downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@mohdalhashemi98-hue
latest
Download

1Password CLI

Follow the official CLI get-started steps. Don't guess install commands.

References

  • references/get-started.md (install + app integration + sign-in flow)
  • references/cli-examples.md (real op examples)

Workflow

  1. Check OS + shell.
  2. Verify CLI present: op --version.
  3. Confirm desktop app integration is enabled (per get-started) and the app is unlocked.
  4. REQUIRED: create a fresh tmux session for all op commands (no direct op calls outside tmux).
  5. Sign in / authorize inside tmux: op signin (expect app prompt).
  6. Verify access inside tmux: op whoami (must succeed before any secret read).
  7. If multiple accounts: use --account or OP_ACCOUNT.

REQUIRED tmux session (T-Max)

The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.

Example (see tmux skill for socket conventions, do not reuse old session names):

SOCKET_DIR="${OPENCLAW_TMUX_SOCKET_DIR:-${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/openclaw-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"

tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"

Guardrails

  • Never paste secrets into logs, chat, or code.
  • Prefer op run / op inject over writing secrets to disk.
  • If sign-in without app integration is needed, use op account add.
  • If a command returns "account is not signed in", re-run op signin inside tmux and authorize in the app.
  • Do not run op outside tmux; stop and ask if tmux is unavailable.

Comments

Loading comments...