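📦 1Password Service Account — Secure Secret Injection
v1.0.2
Securely injects secrets stored in 1Password into agent workflows through a service account. The primary mode is op run/.env.tpl, with op read as the fallback; supports automatic rotation and least privilege.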
Last updated: 2026/2/26
Security scan
OpenClaw: Safe (high confidence)
Assessment and recommendations
This skill appears coherent and focused on safe 1Password CLI usage, but check two things before installing: (1) confirm whether your agent registry metadata or the SKILL.md is authoritative for required env vars — SKILL.md expects OP_SERVICE_ACCOUNT_TOKEN, so ensure you can provide that token from a secure store and replace the __REPLACE_WITH_SECURE_STORE_COMMAND__ placeholder with a legitimate retrieval command; (2) ensure the service account used has least privilege in 1Password (only the vau...
ℹ Purpose and capabilities
Name/description match what the skill does: it wraps the 1Password CLI ('op') for secret injection into agent workflows. Requiring the 'op' binary and offering a Homebrew install for 1password-cli is proportionate. One inconsistency: the registry metadata lists no required env vars, but the SKILL.md metadata and runtime instructions clearly expect an OP_SERVICE_ACCOUNT_TOKEN.
✓ Instruction scope
SKILL.md stays on-topic: it documents using 'op run' and 'op read' safely, forbids printing secrets, warns about masking, and includes validation patterns for untrusted input. All example commands and troubleshooting steps are consistent with the stated purpose and do not instruct reading unrelated system files or exfiltrating secrets to unexpected endpoints.
✓ Install mechanism
Install spec uses the Homebrew formula '1password-cli' and creates the 'op' binary — a standard, low-risk mechanism from a known package ecosystem. No downloads from arbitrary URLs or archive extraction are present.
ℹ Credential requirements
The runtime docs require an OP_SERVICE_ACCOUNT_TOKEN (and provide patterns for retrieving it from platform secure stores), which is appropriate for a 1Password service-account workflow. However, the registry 'Required env vars' field is empty while SKILL.md.metadata lists OP_SERVICE_ACCOUNT_TOKEN, creating a metadata mismatch the user should confirm before installing.
✓ Persistence and privileges
The skill does not request 'always: true' and does not attempt to modify other skills or system-wide agent settings. Default autonomous invocation is allowed (platform default) but not elevated here; no unexpected persistent privileges are requested.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Versions
latest: v1.0.2, 2026/2/22
● Benign
Install command
Official: npx clawhub@latest install 1password-sa
Mirror (accelerated): npx clawhub@latest install 1password-sa --registry https://cn.longxiaskill.com