1Password

Security checks across malware telemetry and agentic risk

Overview

This 1Password skill is a disclosed, read-oriented connector integration, but users should recognize that it can access sensitive vault and item data through OOMOL.

Install only if you are comfortable letting the agent use your connected OOMOL 1Password integration to list vaults/items and retrieve full item details when you ask for 1Password data. Review requested actions carefully, especially any future connector action marked write or destructive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence: 92%
Finding
The manifest says the skill is for searching and reading data, but the instructions allow arbitrary connector actions after querying the live schema. That creates a capability mismatch: if the connector later exposes write or destructive actions, an agent may invoke them under a skill users were led to believe was read-only, enabling unauthorized secret modification or broader vault operations.

Intent-Code Divergence

Medium
Confidence: 80%
Finding
The safety section asserts that untagged actions are read-only, but the documented list includes an untagged action, `get_health`, that is not clearly a user-data read/search operation and could expose infrastructure or connection details. Incorrect safety labeling trains the agent to trust untagged operations too broadly, weakening safeguards around sensitive connector capabilities.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger language says to use this skill for ANY 1Password request and whenever a task involves 1Password, which is overly broad for a secrets-management integration. Broad routing increases the chance the agent invokes the skill for loosely related prompts, causing unnecessary access to vault metadata or secret contents beyond the user's minimal need.

VirusTotal

64/64 vendors flagged this skill as clean.
