1password
Security checks across malware telemetry and agentic risk
Overview
This is a coherent 1Password CLI helper, but it can give the agent access to vault secrets and includes examples that can print or write secrets, so it needs careful review before use.
Install only if you want the agent to help with 1Password CLI operations. Keep 1Password locked until needed, approve the exact account/vault/item path, and do not allow unmasked secret printing, terminal capture of secret values, or writing private keys/passwords to disk unless you explicitly requested it.
VirusTotal
63/63 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If authorized while 1Password is unlocked, the agent may be able to access secrets available to the signed-in account.
The skill is explicitly designed to sign into 1Password and access secrets. That is purpose-aligned, but it is high-impact credential-vault authority and is not bounded in the artifacts to specific vaults, accounts, or items.
description: Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Use only when you intentionally want the agent to operate 1Password CLI. Specify the exact account, vault, and item path, and require confirmation before any secret read, inject, or run action.
Secrets could be displayed in terminal output, captured into chat/logs, or left on disk as sensitive files.
The referenced examples include writing a private key to disk and printing an unmasked secret value. These are legitimate op capabilities, but they are unsafe defaults if used without explicit user intent and careful output handling.
`op read --out-file ./key.pem op://app-prod/server/ssh/key.pem`; `op run --no-masking -- printenv DB_PASSWORD`
Avoid commands that use --no-masking, printenv secrets, capture secret output, or write keys/passwords to disk unless the user explicitly asks for that exact action.