1password Local

Security checks across malware telemetry and agentic risk

Overview

This 1Password CLI skill is mostly coherent, but some examples encourage exposing secrets in terminal output or files without enough safeguards.

Review this skill before installing. It is not shown to exfiltrate data or act deceptively, but users should avoid copying examples that print secrets, disable masking, capture terminal history after secret commands, or write injected secrets to plaintext files unless permissions, redaction, and cleanup are handled carefully.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 91%
Finding:
The skill explicitly captures the tmux pane after running 1Password commands, and pane contents can include sensitive output such as account identifiers, vault metadata, item fields, or accidentally revealed secrets from future `op read`, `op run`, or `op inject` troubleshooting steps. In a secrets-management skill, normalizing pane capture without a strong warning or output-sanitization guidance creates a realistic risk of secret exposure into agent logs, transcripts, or other persistent artifacts.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The examples show secret material being written to local files (`--out-file ./key.pem`, `op inject ... -o config.yml`) without any warning that these outputs may contain sensitive credentials. In documentation for a secrets-management CLI, this is risky because users may create plaintext secret files with insecure permissions, commit them to source control, or leave them on disk longer than intended.

Env Variable Harvesting

High
Category: Data Exfiltration
Content:
## Run

- `export DB_PASSWORD="op://app-prod/db/password"`
- `op run --no-masking -- printenv DB_PASSWORD`
- `op run --env-file="./.env" -- printenv DB_PASSWORD`

## Inject
Confidence: 98%
Finding:
printenv DB_PASSWORD

Env Variable Harvesting

High
Category: Data Exfiltration
Content:
- `export DB_PASSWORD="op://app-prod/db/password"`
- `op run --no-masking -- printenv DB_PASSWORD`
- `op run --env-file="./.env" -- printenv DB_PASSWORD`

## Inject
Confidence: 90%
Finding:
printenv DB_PASSWORD

VirusTotal

65/65 vendors flagged this skill as clean.
