Npjames 1password

Security checks across malware telemetry and agentic risk

Overview

This 1Password CLI skill is mostly coherent, but it needs Review because it gives an agent access to vault secrets and includes examples that can print or persist secrets without enough safeguards.

Install only if you trust the publisher and want an agent to operate 1Password CLI. Before use, require exact account, vault, item, and field names; do not allow unmasked printing of secrets; avoid pane capture after secret reads; keep generated secret files out of repositories and shared folders; use restrictive permissions; delete temporary outputs; and lock 1Password when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow captures tmux pane output after running authenticated `op` commands, which can inadvertently include sensitive account metadata or secret values if a later command prints them. Because terminal capture is a logging/export mechanism, this increases the risk that secrets or sensitive vault contents are exposed to agent logs, transcripts, or downstream tooling beyond the interactive session.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The examples explicitly show writing secret material to local files, such as `--out-file ./key.pem` and generating `config.yml` from secret templates, without any warning about filesystem exposure, permissions, cleanup, or accidental inclusion in backups and version control. In a secrets-management skill, this is risky because users may copy these commands directly and persist sensitive data in insecure locations.

Env Variable Harvesting

High
Category
Data Exfiltration
Content
## Run

- `export DB_PASSWORD="op://app-prod/db/password"`
- `op run --no-masking -- printenv DB_PASSWORD`
- `op run --env-file="./.env" -- printenv DB_PASSWORD`

## Inject
Confidence
97% confidence
Finding
printenv DB_PASSWORD

Env Variable Harvesting

High
Category
Data Exfiltration
Content
- `export DB_PASSWORD="op://app-prod/db/password"`
- `op run --no-masking -- printenv DB_PASSWORD`
- `op run --env-file="./.env" -- printenv DB_PASSWORD`

## Inject
Confidence
93% confidence
Finding
printenv DB_PASSWORD

VirusTotal

63/63 vendors flagged this skill as clean.
