ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

1password.Bak

v1.0.0

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/...

0· 131·1 current·2 all-time
by@zhaozewen0519·fork of @steipete/1password (1.0.1)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description: 1Password CLI setup and usage. Declared requirement: op binary and an install path via Homebrew formula '1password-cli' which produces the 'op' binary — this is exactly what the skill needs and nothing extraneous is requested.
Instruction Scope
SKILL.md is instruction-only and stays on-task (install/enable app integration, signin, run/read/inject secrets). It requires running op inside a fresh tmux session and even captures the pane output; while reasonable to automate sign-in checks, capture-pane can include sensitive terminal output if secrets are printed. The file also references env vars like CLAWDBOT_TMUX_SOCKET_DIR and OP_ACCOUNT (typical but not declared). Follow the guardrails (do not print secrets, prefer op inject/run) and avoid capturing commands that emit secrets.
Install Mechanism
Install spec uses Homebrew formula '1password-cli' to provide the 'op' binary. This is a standard, low-risk package source for macOS/Linux that is proportionate to the stated purpose.
Credentials
The skill declares no required credentials or config paths. Its occasional references to common env vars (OP_ACCOUNT, TMPDIR-like variables, CLAWDBOT_TMUX_SOCKET_DIR) are operational conveniences, not secret requests. No unrelated credentials or high-privilege environment access are requested.
Persistence & Privilege
always is false and the skill is user-invocable. It does not request persistent/system-wide changes or cross-skill configuration. Autonomous invocation is allowed (platform default) but not combined with other red flags.
Assessment
This skill is coherent for installing and using the 1Password CLI. Before installing or running it: 1) verify you trust the Homebrew formula source (official 1Password/Homebrew tap), 2) run the sign-in steps in an isolated environment so you don't accidentally expose secrets to logs or shared tmux sockets, and 3) prefer op inject/op run patterns over printing secrets to the terminal. Be cautious with the SKILL.md's capture-pane step — it can capture output that might accidentally include sensitive data; modify or omit that capture if you will run commands that print secrets.

Like a lobster shell, security has layers — review code before you run it.

latestvk97an5ke9j5megdvdvgfhy4pdn834wx3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔐 Clawdis
Binsop

Install

Install 1Password CLI (brew)
Bins: op
brew install 1password-cli

Comments