Npjames 1password
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If authorized, the agent could access sensitive 1Password vault contents beyond the specific secret the user intended.
The skill directs the agent to authenticate to 1Password and then permits secret reads, but the artifacts do not bound which accounts, vaults, or items may be accessed.
Sign in / authorize inside tmux: `op signin` ... Verify access inside tmux: `op whoami` (must succeed before any secret read).
Use only with explicit user direction for each account, vault, item, and operation; the skill should add per-secret confirmation and clear output rules.
Secrets could be exposed in terminal output, chat transcripts, logs, or local files if these examples are used carelessly.
The documented examples include commands that write secrets to disk or print unmasked secrets to the terminal. This is aligned with 1Password CLI capabilities, but risky if captured into logs or chat.
`op read --out-file ./key.pem op://app-prod/server/ssh/key.pem` ... `op run --no-masking -- printenv DB_PASSWORD`
Avoid `--no-masking` and avoid writing secrets to files unless strictly necessary; prefer `op run` or `op inject` with masked output and user-confirmed destinations.
The skill may fail or prompt ad hoc setup if tmux is unavailable, making the actual installation/runtime requirements less predictable.
The instructions make tmux a required runtime dependency, while the supplied requirements and install specification declare only the `op` binary.
REQUIRED: create a fresh tmux session for all `op` commands (no direct `op` calls outside tmux).
Declare tmux as a required dependency or add instructions to stop and ask the user before installing or using any undeclared tool.
