首页龙虾技能列表 › 1password Temp

🔐 1password Temp

v1.0.0

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/...

0· 50·0 当前·0 累计
by @hansolero·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/3
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
high confidence
The skill's purpose (help with the 1Password CLI) is plausible, but the runtime instructions require tmux and capture terminal output in ways that are not declared or safely constrained — this mismatch and the potential for secret-containing output to be captured and retained are concerning.
评估建议
This skill mostly does what it says (help run the 1Password CLI), but there are two issues you should address before installing or using it: (1) The runtime requires tmux but the skill metadata does not declare tmux as a required binary — ensure tmux is present and that the skill's metadata is updated to list it. (2) The instructions capture tmux pane output (capture-pane) which can include secrets; confirm how the agent will handle that captured text (it must not be logged, transmitted, or stor...
详细分析 ▾
用途与能力
The skill claims to set up and use the 1Password CLI and declares the op binary and a brew install for the official 1password-cli formula, which matches the stated purpose. However, the SKILL.md requires running all op commands inside a fresh tmux session and references a tmux socket convention; yet the registry metadata does not declare tmux as a required binary. That omission is an incoherence: tmux is necessary for the described workflow but not listed as a requirement.
指令范围
Instructions tell the agent to create a tmux socket, send interactive signin commands, run op whoami/vault list, capture the tmux pane output (capture-pane -p -J), then kill the session. capture-pane can capture secret-containing output; the SKILL.md does not specify safe handling, storage, or transmission of that captured output. The instructions also direct interactive sign-in automation (sending keys) which relies on desktop app integration and could leak sensitive output if the agent logs the captured pane or transmits it. The doc's insistence on 'never paste secrets into logs/chat' is good but does not prevent accidental capture or subsequent transmission of secrets by the agent.
安装机制
The install spec uses a Homebrew formula '1password-cli' to provide the op binary. This is an expected, low-risk install mechanism for this CLI on systems with Homebrew. No downloads from arbitrary URLs or archive extraction are present.
凭证需求
The skill does not request credentials or declare required env vars, which is appropriate because interactive sign-in is expected. However, the instructions reference OPENCLAW_TMUX_SOCKET_DIR, TMPDIR and OP_ACCOUNT (and suggest following a 'tmux' skill's socket conventions) without declaring them. The workflow requires filesystem socket creation in /tmp (or OPENCLAW_TMUX_SOCKET_DIR) and may interact with OP_ACCOUNT—these environment uses should be declared or explained.
持久化与权限
always is false and the skill is instruction-only (no code files). It creates transient tmux sessions and socket files and then kills the session; it does not request persistent presence or system-wide config changes. No modifications to other skills' configs are specified.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/4/3

Initial release of 1Password CLI setup and usage skill. - Guides users through installing and verifying the 1Password CLI (`op`), with reference to official documentation. - Enforces running all `op` commands inside a dedicated tmux session to maintain security and session state. - Outlines steps for desktop app integration and multi-account sign-in. - Provides CLI workflow for authentication, secret access, and troubleshooting. - Includes guardrails to prevent leaking secrets and improper usage outside tmux.

● 可疑

安装命令 点击复制

官方npx clawhub@latest install 1password-temp
镜像加速npx clawhub@latest install 1password-temp --registry https://cn.clawhub-mirror.com

技能文档

Follow the official CLI get-started steps. Don't guess install commands.

References

  • references/get-started.md (install + app integration + sign-in flow)
  • references/cli-examples.md (real op examples)

Workflow

  • Check OS + shell.
  • Verify CLI present: op --version.
  • Confirm desktop app integration is enabled (per get-started) and the app is unlocked.
  • REQUIRED: create a fresh tmux session for all op commands (no direct op calls outside tmux).
  • Sign in / authorize inside tmux: op signin (expect app prompt).
  • Verify access inside tmux: op whoami (must succeed before any secret read).
  • If multiple accounts: use --account or OP_ACCOUNT.

REQUIRED tmux session (T-Max)

The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.

Example (see tmux skill for socket conventions, do not reuse old session names):

SOCKET_DIR="${OPENCLAW_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/openclaw-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"
tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"

Guardrails

  • Never paste secrets into logs, chat, or code.
  • Prefer op run / op inject over writing secrets to disk.
  • If sign-in without app integration is needed, use op account add.
  • If a command returns "account is not signed in", re-run op signin inside tmux and authorize in the app.
  • Do not run op outside tmux; stop and ask if tmux is unavailable.
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务