Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using it.

1password Cli.Bak

v1.0.0

Securely access and manage secrets using 1Password CLI with a Service Account token for reading, writing, and editing items in a dedicated vault.

0 · 75 · 1 current · 1 all-time
by Reiy Leo (@reiy-leo) · fork of @sichengchen/1password-cli (0.1.0)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md clearly requires the 1Password CLI (`op`) and an OP_SERVICE_ACCOUNT_TOKEN environment variable, but the registry metadata lists no required binaries or environment variables. That mismatch is a coherence problem: a 1Password integration should declare both the CLI and its primary credential. The declared purpose (manage secrets in a dedicated vault) does justify the token and the CLI, but the metadata omission is a red flag.
Instruction Scope
The runtime instructions stay within the stated purpose: they show how to authenticate, list vaults, read/create/edit/delete items, and advise using JSON output and never printing the token. The instructions do ask the agent/operator to place OP_SERVICE_ACCOUNT_TOKEN in .env or export it, which means modifying environment or configuration. They do not instruct the agent to read unrelated system files or to send data anywhere other than 1Password via the CLI.
Install Mechanism
This is an instruction-only skill (no install spec, no code files). That minimizes direct install risk. The SKILL.md tells the user to install the official 1Password CLI via brew or the vendor docs—reasonable and low-risk because no arbitrary downloads are specified by the skill itself.
Credentials
The skill requires a powerful credential (OP_SERVICE_ACCOUNT_TOKEN) capable of reading and modifying vault items. That is consistent with the described functionality but highly sensitive, and the metadata does not declare the required environment variable, which is an inconsistency. The instructions recommend storing the token in .env, which leaves it in plaintext on disk; verify token storage, scope (the service account should be limited to a single vault with least privilege) and rotation policy before granting it.
Persistence & Privilege
`always` is false and the skill does not request system-wide modifications. However, autonomous invocation is allowed by default; combined with a service-account token that permits write and delete actions, this increases risk. There is no indication that the skill modifies other skills or global agent config.
What to consider before installing
This skill is coherent with a 1Password CLI workflow but has two practical concerns you should resolve before installing: (1) confirm the skill's source and owner (the package metadata and _meta.json entries don't match, and there is no homepage), and (2) never give it an OP_SERVICE_ACCOUNT_TOKEN unless you first restrict that service account to the minimal vault and permissions needed (prefer read-only while testing), avoid storing the token in a plaintext .env if possible, and enforce rotation and auditing. Also ask the publisher to update the skill metadata to declare the required binary (`op`) and the OP_SERVICE_ACCOUNT_TOKEN env var so its requirements are transparent. If you plan to allow autonomous agent invocation, use a short-lived or tightly scoped credential and review the agent's actions in a safe environment first.
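The pre-flight checks recommended above (the token is present and never logged, the service account sees only the one intended vault, secrets are read via the CLI's JSON output rather than echoed), as an added example that is not part of this skill, of the upstream skill, or of 1Password's own code. It assumes the real `op` CLI is on PATH when run for real, a vault named agent-secrets chosen for illustration, and that service-account tokens begin with `ops_` (an assumed format; adjust the prefix if yours differ). All the fixtures used by `fake_op_runner` are constructed so the check logic runs offline.

```python
"""Guard rails for an agent using `op` with OP_SERVICE_ACCOUNT_TOKEN.

Added example, not part of the skill. Real runs need the 1Password CLI
(`op`) on PATH; `fake_op_runner` is a constructed offline stand-in.
"""
import json
import os
import stat
import subprocess

TOKEN_ENV = "OP_SERVICE_ACCOUNT_TOKEN"
TOKEN_PREFIX = "ops_"  # assumed format of service-account tokens; adjust if yours differ


def token_problems(environ=None):
    """Reasons the token in the environment must not be used (empty list when it is fine)."""
    environ = os.environ if environ is None else environ
    token = environ.get(TOKEN_ENV, "")
    problems = []
    if not token:
        problems.append(f"{TOKEN_ENV} is not set")
    elif not token.startswith(TOKEN_PREFIX):
        problems.append(f"{TOKEN_ENV} does not look like a service-account token")
    return problems


def env_file_is_private(path):
    """True when a .env holding the token is readable by its owner only (mode 0600 or tighter)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & 0o077 == 0


def redact(text, token):
    """Strip the token from anything that might end up in a log or error message."""
    return text.replace(token, "<redacted>") if token else text


def run_op(args, token):
    """Invoke the real CLI with a minimal environment: only PATH and the token."""
    env = {"PATH": os.environ.get("PATH", ""), TOKEN_ENV: token}
    proc = subprocess.run(["op", *args], env=env, capture_output=True, text=True)
    if proc.returncode != 0:
        raise RuntimeError(f"op {' '.join(args)} failed: {redact(proc.stderr.strip(), token)}")
    return proc.stdout


def fake_op_runner(vault_names, secrets):
    """Constructed offline stand-in for run_op: answers `vault list` and `read` from fixtures."""
    def run(args, token):
        if not token.startswith(TOKEN_PREFIX):
            raise RuntimeError("op: unauthorized")
        if args[:2] == ["vault", "list"]:
            return json.dumps([{"id": f"v{i}", "name": n} for i, n in enumerate(vault_names)])
        if args[0] == "read" and args[1] in secrets:
            return secrets[args[1]] + "\n"
        raise RuntimeError(f"op: unexpected command {args}")
    return run


def visible_vaults(token, run=run_op):
    """Vault names the token can see, parsed from the CLI's JSON output."""
    return sorted(v["name"] for v in json.loads(run(["vault", "list", "--format", "json"], token)))


def scope_problems(token, expected_vault, run=run_op):
    """Least-privilege check before first use: the token must see exactly one vault, the expected one."""
    names = visible_vaults(token, run)
    if names != [expected_vault]:
        return [f"token can see vaults {names}; expected only [{expected_vault!r}]"]
    return []


def read_secret(token, vault, item, field, run=run_op):
    """Read one field through a secret reference; the value is returned to the caller, never printed."""
    return run(["read", f"op://{vault}/{item}/{field}"], token).rstrip("\n")


if __name__ == "__main__":
    import sys
    expected = sys.argv[1] if len(sys.argv) > 1 else "agent-secrets"  # vault name assumed for illustration
    problems = token_problems()
    if not problems:
        problems = scope_problems(os.environ[TOKEN_ENV], expected)
    if problems:
        sys.exit("refusing to proceed: " + "; ".join(problems))
    print("token is scoped to", expected)
```

Run it once with a read-only service account before letting the agent invoke the skill autonomously; if `scope_problems` reports more than one vault, the account is wider than the skill needs and should be narrowed rather than trusted. `env_file_is_private` is the check to apply to any .env you do decide to keep the token in.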

Like a lobster shell, security has layers — review code before you run it.

latest: vk9731wz7a2kenjags41ss7e49183f0t6

