1Person
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only integration, but it requires a 1Person API key and advertises persistent memory and multi-agent autonomous workflows, so users should review privacy and control settings before use.
This skill does not include local code or an install script, and its sensitive behaviors are disclosed and aligned with its purpose. Before installing, make sure you trust 1Person, review its documentation for memory retention, data sharing, workflow approvals, and agent delegation, and use the narrowest API key permissions available.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill depends on trusting 1Person with the permissions associated with your API key.
The skill requires a 1Person API key. This is expected for the integration, but the key may grant access to the user's 1Person account or workspace.
requires":{"env":["ONEPERSON_API_KEY"]},"primaryEnv":"ONEPERSON_API_KEY"Use a dedicated or least-privilege API key if available, and revoke it if you stop using the skill.
Information shared with the service may be remembered and reused in later sessions.
The skill explicitly advertises persistent memory. This is purpose-aligned, but retained context can affect future tasks and may store sensitive information depending on the service's controls.
- **Memory** — Persistent context across sessions
Review 1Person's memory retention and deletion controls, and avoid sending secrets or sensitive personal data unless you are comfortable with its storage policies.
Tasks or context may be delegated among multiple agents within the 1Person service.
The skill describes multi-agent orchestration. That is core to the stated purpose, but the artifact does not detail agent identity, data-sharing boundaries, or permission separation.
- **Multi-Agent** — Orchestrate specialized agents for complex tasks
Review the service documentation for how agents share data, how delegation is approved, and how to limit agent permissions.
You have less independent provenance information for verifying who maintains the skill.
The registry information does not identify a source repository. There is no code or install script in this artifact set, so this is a provenance note rather than evidence of unsafe behavior.
Source: unknown
Confirm that the homepage and documentation are the official 1Person resources before adding your API key.