首页龙虾技能列表 › 1password 1.0.1.Zip

🔐 1password 1.0.1.Zip

v1.0.0

Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/...

0· 71·1 当前·1 累计
by @cuiday1975·MIT-0
下载技能包
License
MIT-0
最后更新
2026/3/26
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
medium confidence
The skill's purpose (installing/using the 1Password CLI) is coherent, but the runtime instructions reference undeclared environment state and ask the agent to capture tmux panes (which can contain secrets), so the operational details warrant caution before use.
评估建议
This skill appears to do what it says (set up and run the 1Password CLI) and installs the official brew formula, but there are operational details to review before installing: - The runtime instructions automate interactive sign-in inside tmux and explicitly capture tmux pane output. Captured output can include secrets if the agent or a user runs commands that reveal them. Only proceed if you trust the agent's handling of captured output and logs. - The SKILL.md references CLAWDBOT_TMUX_SOCKET_...
详细分析 ▾
用途与能力
Name, description, required binary (op), and the brew install (1password-cli -> op) match the stated purpose of configuring and using the 1Password CLI.
指令范围
SKILL.md tells the agent to create tmux sessions, drive interactive signin, capture the tmux pane, and then kill the session. Capturing pane contents can include secrets if commands that output secrets are run; the instructions do warn not to paste secrets, but the skill still automates reading TTY output. The instructions also reference a CLAWDBOT_TMUX_SOCKET_DIR environment variable and 'tmux skill' conventions that are not declared in requires.env, so the skill relies on implicit agent environment/state.
安装机制
Install uses Homebrew formula '1password-cli' to provide 'op' — a standard, low-risk distribution channel for this CLI.
凭证需求
The skill declares no required env vars or credentials (appropriate for a CLI wrapper). However, the runtime examples reference CLAWDBOT_TMUX_SOCKET_DIR (an implicit env var) and TMPDIR; referencing undeclared agent-specific env vars is a mismatch and deserves attention. No external credentials are requested by the skill.
持久化与权限
always:false and no install-time modifications beyond installing the CLI are requested. The skill does not request persistent/global privileges or modify other skills' configurations.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/26

1Password CLI skill initial release: - Provides setup and usage instructions for 1Password CLI (op), including install steps, app integration, and sign-in workflow. - Requires all `op` commands to be run inside a dedicated tmux session for security and reliability. - Offers best practices and guardrails for handling secrets safely. - Includes links to official documentation and workflow references.

● 可疑

安装命令 点击复制

官方npx clawhub@latest install 1password-1-0-1-zip
镜像加速npx clawhub@latest install 1password-1-0-1-zip --registry https://cn.clawhub-mirror.com

技能文档

Follow the official CLI get-started steps. Don't guess install commands.

References

  • references/get-started.md (install + app integration + sign-in flow)
  • references/cli-examples.md (real op examples)

Workflow

  • Check OS + shell.
  • Verify CLI present: op --version.
  • Confirm desktop app integration is enabled (per get-started) and the app is unlocked.
  • REQUIRED: create a fresh tmux session for all op commands (no direct op calls outside tmux).
  • Sign in / authorize inside tmux: op signin (expect app prompt).
  • Verify access inside tmux: op whoami (must succeed before any secret read).
  • If multiple accounts: use --account or OP_ACCOUNT.

REQUIRED tmux session (T-Max)

The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.

Example (see tmux skill for socket conventions, do not reuse old session names):

SOCKET_DIR="${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/clawdbot-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/clawdbot-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"
tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"

Guardrails

  • Never paste secrets into logs, chat, or code.
  • Prefer op run / op inject over writing secrets to disk.
  • If sign-in without app integration is needed, use op account add.
  • If a command returns "account is not signed in", re-run op signin inside tmux and authorize in the app.
  • Do not run op outside tmux; stop and ask if tmux is unavailable.
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务