Set up and use 1Password CLI for sign-in and secret injection.
The material is an open-source prompt/documentation-style skill with strong source credibility and no declared extra secrets or unknown remote endpoints. The main security consideration is that its purpose is to access and inject sensitive secrets via the 1Password CLI, so overall it falls in the low-to-moderate caution range rather than high risk.
The skill itself does not require extra API keys or environment variables, but its core purpose is to read/inject secrets through a 1Password login session, which involves highly sensitive credential material; there is a normal exposure risk if secrets appear in logs, terminal output, or misuse.
No remote endpoint is declared in the metadata, but the README explicitly includes `op signin` and account access flows, so by function it is expected to communicate with 1Password services for sign-in and secret retrieval; there is no evidence of exfiltration to unrelated or unknown third-party endpoints.
The skill material is prompt/documentation rather than embedded executable code, but its workflow requires running local commands such as `op` and `tmux` and creating sessions, which is standard local process execution; no request for system privileges beyond the stated purpose is shown.
Per the description, it reads vault items/secrets from a 1Password account and may inject them into the runtime environment; the docs also recommend avoiding writing secrets to disk, indicating data access is mainly limited to authorized 1Password data rather than broad local filesystem access.
The source is an auditable open-source GitHub repository with extremely strong community adoption (about 377k stars), which is a significant risk-reducing factor; although the license is unspecified and maintenance status is unknown, there are no high-risk red flags such as closed source, unclear origin, or suspicious injection behavior.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "1password" skill from askskill: 1. Download https://raw.githubusercontent.com/openclaw/openclaw/main/skills/1password/SKILL.md 2. Save it as ~/.claude/skills/1password/SKILL.md 3. Reload skills and tell me it's ready
Please guide me to install and configure 1Password CLI on macOS, including signing in, enabling desktop app integration, and verifying the command works correctly.
A clear set of installation and configuration steps, including how to verify sign-in and integration succeeded.
Show me how to use 1Password CLI to read an API key from a specific vault and safely view or copy it in the terminal without leaking it to shell history.
Example commands for reading the secret, plus practices to avoid exposing sensitive values in the terminal or shell history.
Give me an example of using 1Password CLI to inject a database password and third-party API token as environment variables when starting a local Node.js service.
A ready-to-follow command or script example showing how to securely inject secrets when running the app.
Follow the official CLI get-started steps. Don't guess install commands.
references/get-started.md (install + app integration + sign-in flow)references/cli-examples.md (real op examples)op --version.op commands (no direct op calls outside tmux).op signin (expect app prompt).op whoami (must succeed before any secret read).--account or OP_ACCOUNT.The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.
Example (see tmux skill for socket conventions, do not reuse old session names):
SOCKET_DIR="${OPENCLAW_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/openclaw-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"
tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"
op run / op inject over writing secrets to disk.op account add.op signin inside tmux and authorize in the app.op outside tmux; stop and ask if tmux is unavailable.Debug Node.js apps with inspect, breakpoints, heap, and CPU profiling.
Audit and harden OpenClaw hosts for security and operational health.
List chats, review message history, and send iMessage or SMS from CLI.
Summarize or transcribe URLs, videos, PDFs, and local files quickly.
Create, search, and manage Bear notes on macOS via grizzly CLI.
Automate OpenClaw nightly releases, branch maintenance, and forward-porting to main.
Read and manage credentials via 1Password CLI for secure dev and ops workflows.
Securely fetch 1Password credentials for AI agents and automated logins.
Let AI agents securely use approved 1Password logins without exposing plaintext secrets.
Manage Obsidian vault notes, tasks, links, and plugins via CLI.
Securely access, search, retrieve, and generate passwords from a gopass store.
Manage Doppler secrets securely with AI across projects and configurations.