MH 1password
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is transparently about 1Password CLI use, but it gives the agent high-impact password-vault access and includes examples that could print or write secrets.
Install only if you are comfortable letting the agent help operate 1Password CLI. Keep 1Password locked until needed, specify the exact account/vault/item, require confirmation before every secret read or file write, avoid `--no-masking`, and make sure tmux sessions are killed after use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
After authorization, the agent could access sensitive credentials available to the signed-in 1Password account if the task or later instructions are too broad.
The skill is explicitly designed to authenticate to 1Password and read or use vault secrets. That is purpose-aligned, but the artifacts do not clearly restrict which account, vault, item, or secret the agent may access.
description: Set up and use 1Password CLI (op)... reading/injecting/running secrets via op... Verify access inside tmux: `op whoami` (must succeed before any secret read).
Use this only with explicit user direction. Require confirmation for each `op read`, `op run`, `op inject`, account, vault, item, and output destination; prefer least-privilege or test vault access.
A secret could be exposed in terminal output, agent-visible logs, chat, or local files if these examples are used carelessly.
The examples document raw op commands that can print secrets, disable masking, or write secrets to local files. They are not auto-run, but they are high-impact patterns without accompanying approval or destination checks.
`op read --out-file ./key.pem op://app-prod/server/ssh/key.pem`; `op run --no-masking -- printenv DB_PASSWORD`; `op inject -i config.yml.tpl -o config.yml`
Avoid `--no-masking` and printing secrets. Ask before writing any secret file, verify paths, and prefer masked or process-local secret injection.
Secrets printed during a tmux session could be copied into the agent conversation or retained in logs/context.
The skill relies on capturing tmux pane output for op commands and also warns not to paste secrets into logs or chat. If secret-producing commands are captured, sensitive values may enter the agent context despite the guardrail.
`tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200` and `Never paste secrets into logs, chat, or code.`
Do not capture panes after secret-producing commands. Keep secret values out of chat, logs, summaries, and saved context; use commands that avoid printing secret material.
