1Password CLI for Agents

v0.1.0

Securely access and manage secrets with 1Password CLI using a Service Account token for vault operations like read, write, edit, and delete.

License: MIT-0 (free to use, modify, and redistribute; no attribution required)

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The SKILL.md describes a 1Password CLI helper for agents (listing, reading, creating, editing, deleting items) which matches the skill name and purpose. However, the metadata declares no required environment variables or primary credential even though the instructions explicitly require OP_SERVICE_ACCOUNT_TOKEN.
Instruction Scope
Instructions are concrete and scoped to using the 'op' CLI and a service account token to access a dedicated vault. They do not ask the agent to read unrelated system files or other credentials. They do instruct adding OP_SERVICE_ACCOUNT_TOKEN to a .env or environment, and warn not to print secrets.
Install Mechanism
This is an instruction-only skill with no install spec or code — lowest install risk. It sensibly directs users to official 1Password install channels (brew or official docs).
Credentials
The instructions require a highly sensitive OP_SERVICE_ACCOUNT_TOKEN (service account token with vault access), but the skill metadata does not declare any required env vars or a primaryEnv. Requesting an all-powerful service token is proportional to the stated functionality only if the token is limited to the specific 'Agent Vault' and least privilege is enforced. The missing declaration in metadata is an inconsistency and increases risk because users or platforms may not realize which secret the skill expects or how it will be used.
Persistence & Privilege
The skill does not request persistent presence (always: false) and does not ask to modify other skills or system settings. Autonomous invocation is allowed by default on the platform; combined with access to a vault token this increases blast radius but is platform-normal.
What to consider before installing
This SKILL.md is coherent in explaining how to use the 1Password CLI, but it fails to declare the sensitive environment variable it requires. Before installing or enabling this skill:

  1. Do not provide a broad or owner-level 1Password token. Create a Service Account token with the minimum permissions and grant it access only to a dedicated vault.
  2. Insist that the skill metadata explicitly list OP_SERVICE_ACCOUNT_TOKEN as the primary credential, so the platform can surface and protect it.
  3. Store the token securely (a secret manager or the platform-provided secret field), avoid plaintext .env files, and rotate it regularly.
  4. Limit agent autonomy, or audit agent actions if you allow autonomous invocation: an agent holding the token can read and write secrets.
  5. Test in a restricted environment or vault first and enable logging and auditing of access.

These steps reduce the risk posed by the missing metadata declaration and the powerful credential the skill requires.


SKILL.md

1Password CLI for Agents

This skill allows agents to securely access and manage secrets using the 1Password CLI (op) and a Service Account. It provides commands for reading, writing, and managing items within a dedicated vault.

Prerequisites

  1. Install 1Password CLI:
    • macOS: brew install --cask 1password-cli
    • Linux/Windows: See official docs.
  2. Create a Service Account:
    • Go to 1Password Developer Portal.
    • Create a Service Account and grant it access to a specific vault (e.g., "Agent Vault").
    • Copy the Service Account Token.
  3. Set Environment Variable:
    • Set OP_SERVICE_ACCOUNT_TOKEN in your environment (e.g., .env file or export in shell). A .env file holds the token in plaintext, so keep it out of version control, restrict its permissions (chmod 600), prefer a platform-provided secret store when one is available, and rotate the token if it is ever exposed.
    • For OpenClaw, you can add OP_SERVICE_ACCOUNT_TOKEN=... to .env.

Usage

All commands require the OP_SERVICE_ACCOUNT_TOKEN to be set.

1. Check Authentication

Verify the service account is working:

op whoami

2. List Vaults

List vaults accessible to the service account:

op vault list

3. Read an Item

Get details of an item (JSON format is best for parsing):

op item get "Item Name" --vault "Vault Name" --format json

Or read a single field (e.g., the password) as a raw value. Capture it into a variable rather than echoing it into the agent transcript:

op read "op://Vault Name/Item Name/password"

4. Create an Item

Create a login item. Field values given on the command line are recorded in shell history and are visible to other local processes through the process list; for a new credential, prefer letting the CLI generate it with the --generate-password flag instead of supplying one:

op item create --category login --title "My Service" --url "https://example.com" --vault "Vault Name" username="myuser" password="mypassword"

Create a secure note (the built-in notes field is addressed by its field ID, notesPlain):

op item create --category "Secure Note" --title "API Key" --vault "Vault Name" notesPlain="my-secret-key"

5. Edit an Item

Update a password (the same command-line exposure caveat applies):

op item edit "Item Name" password="newpassword" --vault "Vault Name"

6. Delete an Item

Deletion is permanent. To move the item to the archive instead, add the --archive flag.

op item delete "Item Name" --vault "Vault Name"

Tips for Agents

  • Always use JSON output: Add --format json to op commands for structured data that is easier to parse.
  • Security: Never print the OP_SERVICE_ACCOUNT_TOKEN or retrieved secrets to the console unless explicitly asked.
  • Vaults: If multiple vaults are available, specify the --vault flag to avoid ambiguity.
  • Rate Limits: Service accounts have rate limits. Cache results if possible or retry with backoff.
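The following is an added example, not part of the skill or of 1Password's own tooling: a small POSIX sh wrapper that ties the Usage steps and the tips above together for an agent. It fails closed when the token is missing, verifies that the service account can see exactly one vault (the least-privilege property the scan report asks for), reads a field without echoing it, creates a login with a CLI-generated password so the secret never appears in argv or shell history, and retries reads with exponential backoff. Assumptions: the dedicated vault is named "Agent Vault" (override with AGENT_VAULT), 1Password CLI 2.x is on PATH as op, and a rate-limited call surfaces as a non-zero exit status. The function names, the AGENT_VAULT, OP_MAX_ATTEMPTS and OP_RETRY_BASE_DELAY variables are inventions of this example.

```sh
#!/bin/sh
# Added example (not part of the skill): a wrapper an agent sources before
# running op. Assumed: OP_SERVICE_ACCOUNT_TOKEN is already exported, the
# dedicated vault is "Agent Vault" (override via AGENT_VAULT), op 2.x is on
# PATH, and a rate-limited call returns a non-zero exit status.
set -eu

AGENT_VAULT="${AGENT_VAULT:-Agent Vault}"

# Fail closed when the token is missing. The value itself is never echoed.
op_require_token() {
  if [ -z "${OP_SERVICE_ACCOUNT_TOKEN:-}" ]; then
    echo "OP_SERVICE_ACCOUNT_TOKEN is not set" >&2
    return 1
  fi
}

# Run an op command, retrying with exponential backoff on a non-zero exit
# (how a rate limit is assumed to surface). Bounded by OP_MAX_ATTEMPTS.
# Only use this for idempotent commands (read, get, list, whoami).
op_retry() {
  _op_attempt=1
  _op_delay="${OP_RETRY_BASE_DELAY:-1}"
  while :; do
    if "$@"; then
      return 0
    fi
    if [ "$_op_attempt" -ge "${OP_MAX_ATTEMPTS:-4}" ]; then
      echo "op command failed after $_op_attempt attempts: $1 ${2:-}" >&2
      return 1
    fi
    sleep "$_op_delay"
    _op_delay=$((_op_delay * 2))
    _op_attempt=$((_op_attempt + 1))
  done
}

# Least-privilege check: the token must see exactly one vault, and that vault
# must be the dedicated agent vault. Counting "id" keys in the JSON output
# avoids a jq dependency (vault objects carry one top-level "id" each).
op_check_vault_scope() {
  _op_count=$(op vault list --format json | grep -o '"id"' | wc -l | tr -d ' ')
  if [ "$_op_count" != "1" ]; then
    echo "expected exactly one accessible vault ('$AGENT_VAULT'), found $_op_count (0 can also mean 'op vault list' failed)" >&2
    return 1
  fi
  op vault get "$AGENT_VAULT" --format json >/dev/null
}

# Read one field of an item into the caller's variable, never onto the console:
#   DB_PASSWORD=$(op_read_secret "Database" "password")
op_read_secret() {
  op_retry op read "op://$AGENT_VAULT/$1/$2" --no-newline
}

# Create a login item. The password is generated by the CLI, so the secret is
# absent from argv, shell history and the agent transcript. Not retried:
# item creation is not idempotent and a retry could create a duplicate.
op_create_login() {
  op item create --category login --title "$1" --url "$2" \
    --vault "$AGENT_VAULT" "username=$3" \
    --generate-password=20,letters,digits,symbols --format json >/dev/null
}

# Preflight an agent runs before any other op command.
op_preflight() {
  op_require_token
  op_retry op whoami >/dev/null
  op_check_vault_scope
  echo "preflight ok: token is scoped to '$AGENT_VAULT'"
}
```

Source the file (for example `. ./op_agent.sh`, a hypothetical path) and call `op_preflight` once at the start of a session; if it reports more than one visible vault, the service account was granted too much and should be re-scoped before the agent proceeds.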

Troubleshooting

  • "You are not currently signed in": Ensure OP_SERVICE_ACCOUNT_TOKEN is set correctly.
  • "account is not authorized": Check that the service account has permission for the specific vault and operation (read/write).
