Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Npjames 1password

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 26 · 1 current installs · 1 all-time installs
fork of @steipete/1password (based on 1.0.1)
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description and the brew install for 1password-cli (op) are coherent: the skill is about installing and using the 1Password CLI. However, the SKILL.md mandates running everything inside tmux but the skill's declared requirements do not list tmux as a required binary or document the CLAWDBOT_TMUX_SOCKET_DIR env var. That is an internal inconsistency.
Instruction Scope
The instructions explicitly instruct the agent to create a dedicated tmux socket/session, send signin commands into that session, capture the pane output, and kill the session. Capturing pane output can include prompts or secret values depending on what commands are run; the SKILL.md does not specify filtering or sanitization of captured output. The doc also references an external 'tmux' skill for socket conventions but does not constrain how captured data is used. These steps grant the agent broad discretion to run interactive auth and collect terminal output — reasonable for automating signin, but risky without clearer safeguards.
Install Mechanism
Install is a Homebrew formula '1password-cli' which is a standard, low-risk install path for macOS/Linux when Homebrew is available. No arbitrary URL downloads or exec/install scripts are present in the manifest.
Credentials
The skill does not request any credentials or env vars in its registry metadata, yet the instructions reference CLAWDBOT_TMUX_SOCKET_DIR and use OP_ACCOUNT optionally. The implicit dependency on a tmux socket directory and on tmux itself is not declared. While the skill doesn't ask for secrets directly, the mismatch between declared env requirements and referenced envs/paths is concerning.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges. It installs via brew (normal) and does not modify other skills or global agent configuration in the manifest.
What to consider before installing
This skill mostly does what it says (install and run the 1Password CLI), but there are important inconsistencies and potential risks to consider before installing:

  • Missing tmux declaration: The runtime instructions require tmux, create sockets, and manage sessions, yet the skill metadata does not list tmux as a required binary. Ask the publisher to explicitly require 'tmux' (and any other needed tools) so the agent can validate runtime dependencies.
  • Captured terminal output may contain secrets: The example captures tmux pane output. Ensure the skill will never capture or persist secret values (and that any captured output is sanitized and not sent to logs, chat, or external endpoints). Prefer returning only success/error status rather than raw pane contents.
  • Environment/paths mismatch: The SKILL.md references CLAWDBOT_TMUX_SOCKET_DIR and TMPDIR conventions not declared in requires.env. Confirm whether the agent must set these env vars and whether socket files under /tmp are acceptable in your environment.
  • Install is reasonable: Brew formula is an expected install mechanism for the 1Password CLI. Still verify the brew formula source if you require a high-assurance provenance.

Recommendations before enabling or giving this skill autonomous access:

  • Request the publisher add 'tmux' to required binaries and declare any env vars the runtime uses.
  • Ask for explicit rules about what is captured from tmux panes and how that output is handled, filtered, and stored.
  • Test the workflow in a sandbox account/VM to confirm no secret values are leaked into logs or agent context.
  • If you need stronger assurance, prefer manual signin or require the skill to use op run/op inject primitives that avoid printing secrets to stdout.

Current version: v1.0.0
latest: vk9799sjgaawkzvqtbxa1rwxe21830s50

Runtime requirements

🔐 Clawdis
Bins: op

Install

Install 1Password CLI (brew)
Bins: op
brew install 1password-cli

SKILL.md

1Password CLI

Follow the official CLI get-started steps. Don't guess install commands.

References

  • references/get-started.md (install + app integration + sign-in flow)
  • references/cli-examples.md (real op examples)

Workflow

  1. Check OS + shell.
  2. Verify CLI present: op --version.
  3. Confirm desktop app integration is enabled (per get-started) and the app is unlocked.
  4. REQUIRED: create a fresh tmux session for all op commands (no direct op calls outside tmux).
  5. Sign in / authorize inside tmux: op signin (expect app prompt).
  6. Verify access inside tmux: op whoami (must succeed before any secret read).
  7. If multiple accounts: use --account or OP_ACCOUNT.

REQUIRED tmux session (T-Max)

The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.

Example (see tmux skill for socket conventions, do not reuse old session names):

# Socket directory: CLAWDBOT_TMUX_SOCKET_DIR if set, else a directory under TMPDIR (or /tmp).
SOCKET_DIR="${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/clawdbot-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/clawdbot-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"

# Start a detached session, then type the op commands into its first pane.
tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
# Print the last 200 lines of the pane (everything the commands wrote), then clean up.
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"
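
One way to act on the scan's advice to return only success/error status and to keep the socket directory private, as an added example that is not part of the skill or of ClawHub's tooling. The marker name, the tag argument and the function names are assumptions; SOCKET and SESSION are the variables from the snippet above.

```shell
#!/usr/bin/env bash
# Added example, not part of the skill. MARK and the tag argument are hypothetical names.
MARK="__OP_RC"

# Create a private socket directory: refuse symlinks, owner-only mode, owned by us.
prepare_socket_dir() {
  dir="$1"
  if [ -L "$dir" ]; then return 1; fi
  (umask 077 && mkdir -p "$dir") || return 1
  chmod 700 "$dir" || return 1
  [ -O "$dir" ]
}

# Build the line typed into the pane. The command's own output is discarded
# inside the pane; only a tagged marker carrying the exit code is printed.
# $1 = command, $2 = alphanumeric tag unique to this command.
wrap_cmd() {
  printf '%s >/dev/null 2>&1; echo "%s_%s=$?"' "$1" "$MARK" "$2"
}

# Read captured pane text on stdin and print only the exit code for tag $1.
# The echoed command line holds the literal "$?" (no digits), so it never matches.
# Returns 2 when the marker has not appeared yet, so the caller can poll again.
last_rc() {
  rc="$(sed -n "s/^${MARK}_${1}=\([0-9][0-9]*\)[[:space:]]*\$/\1/p" | tail -n 1)"
  [ -n "$rc" ] || return 2
  printf '%s\n' "$rc"
}

# Send one command to the session and wait up to 10 s for its exit code.
# Uses SOCKET and SESSION from the snippet above; needs tmux, so it is
# defined here but not called.
run_in_pane() {
  tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "$(wrap_cmd "$1" "$2")" Enter
  for i in 1 2 3 4 5 6 7 8 9 10; do
    sleep 1
    tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200 | last_rc "$2" && return 0
  done
  return 1
}
```

With this, `run_in_pane 'op whoami' t1` prints only `0` or a non-zero code, so no pane contents reach the agent's context or logs.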

Guardrails

  • Never paste secrets into logs, chat, or code.
  • Prefer op run / op inject over writing secrets to disk.
  • If sign-in without app integration is needed, use op account add.
  • If a command returns "account is not signed in", re-run op signin inside tmux and authorize in the app.
  • Do not run op outside tmux; stop and ask if tmux is unavailable.
