1Password Cli For Agents
Review
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent instruction-only 1Password CLI helper, but it can let an agent read, change, delete, and possibly cache secrets, so use a tightly limited vault and token.
Install only if you are comfortable letting an agent use a 1Password service account. Create a dedicated vault, grant minimum permissions, keep OP_SERVICE_ACCOUNT_TOKEN private, require confirmation for writes or deletes, and avoid caching retrieved secrets.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the token is too broadly scoped, the agent could access or change more secrets than intended.
The skill requires a 1Password service account token that can access vault data. This is expected for the integration, but it grants meaningful account authority.
Create a Service Account and grant it access to a specific vault ... Set `OP_SERVICE_ACCOUNT_TOKEN` in your environment ... All commands require the `OP_SERVICE_ACCOUNT_TOKEN` to be set.
Use a dedicated 1Password vault, grant the service account only the minimum needed permissions, keep the token out of logs and source control, and rotate it if exposed.
A mistaken or overbroad command could modify or remove important secrets.
The documented CLI operations can create, edit, and delete 1Password vault items. This matches the stated purpose, but these are high-impact operations.
`op item create` ... `op item edit "Item Name" password="newpassword"` ... `op item delete "Item Name" --vault "Vault Name"`
Require explicit user confirmation before create, edit, or delete operations, always specify the vault, and prefer read-only service account permissions when write access is not required.
Secrets could remain in an agent cache, transcript, or other temporary storage longer than the user expects.
The instruction to cache results is underspecified for a secrets workflow; cached results could include retrieved secret values.
Rate Limits: Service accounts have rate limits. Cache results if possible or retry with backoff.
Do not cache secret values. If caching is necessary, cache only non-sensitive metadata, keep it short-lived, and clear it after the task.
