
Wip 1password Private — Skill Tool

v0.2.2

Headless plugin for 1Password secrets using service accounts, resolving op:// references, reading/writing secrets, and listing vault items via JS SDK.

by @parkertoddbrooks (Parker Todd Brooks)·MIT-0
Last updated: 2026/4/11
Security scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
The skill appears to implement a 1Password service-account based plugin as described, but its manifest/inventory omits the sensitive file/credential requirements and there are a few metadata/install inconsistencies you should resolve before trusting it with secrets.
Assessment recommendations
Key things to check before installing or enabling this skill:
- Metadata mismatch: SKILL.md and code expect a 1Password service-account token at ~/.openclaw/secrets/op-sa-token (or via OP_SERVICE_ACCOUNT_TOKEN), but the registry metadata lists no required env/config or primary credential. Treat that as a red flag until resolved. Ask the publisher to update the manifest to explicitly declare tokenPath and any env vars required.
- Inspect the source before use: review src/index.ts and mcp-server...
Detailed analysis
Purpose and capabilities
The code and SKILL.md describe a coherent 1Password secrets plugin (resolve op:// refs, read/write secrets, list vault items) which matches the stated purpose. However the registry metadata claims no required env vars/config paths/primary credential, while the runtime instructions and developer docs require a service-account token stored at ~/.openclaw/secrets/op-sa-token (and sometimes reference OP_SERVICE_ACCOUNT_TOKEN). That omission is an inconsistency: a secrets plugin legitimately needs the service account token and a tokenPath config, but the skill metadata does not declare them.
Instruction scope
The runtime instructions focus on resolving op:// references, providing agent tools (op_read_secret, op_list_items, op_write_secret), and registering a startup resolver — all within the stated scope. The SKILL.md and docs instruct the plugin to read a service-account token from disk and to set process.env.OPENAI_API_KEY at startup; they also give developer examples that shell out to the `op` CLI. Those I/O and subprocess actions are expected for this plugin type, though they are sensitive because they handle secrets.
Install mechanism
There is no registry-level install spec recorded, yet the SKILL.md includes an openclaw.install section and npm install instructions for @wipcomputer/wip-1password (an ordinary npm package). Installing via npm is reasonable. There are no downloads from arbitrary URLs or obfuscated installers in the files provided.
Credential requirements
The skill requires access to a 1Password service account token and will read a token file at ~/.openclaw/secrets/op-sa-token (and/or use OP_SERVICE_ACCOUNT_TOKEN when invoking `op`). Those sensitive access details are not declared in the registry metadata (no required env vars/config paths/primary credential). The plugin also sets process.env.OPENAI_API_KEY from a retrieved secret, which is expected for its purpose but increases the blast radius if misconfigured. Ensure the service account has minimal permissions (read-only for configured vaults) and that the token path is acceptable to you.
Persistence and privileges
always: false and model invocation/autonomous use are default. The plugin registers a startup resolver service (normal for a plugin that mutates runtime config) but does not request permanent platform-wide privileges in the manifest. It does read a user-local token file and modifies process.env for the process — expected behavior for a secrets resolver but should be considered sensitive.
mcp-server.mjs:26
Shell command execution detected (child_process).
Security is layered; review the code before running it.

License

MIT-0

Free to use, modify, and redistribute, with no attribution required.

Runtime dependencies

No special dependencies

Versions

latest · v0.2.2 · 2026/3/12

## v0.2.2: AI-Native Homepage, MCP Fix, Plan Requirements

Ran wip-1password through the WIP DevOps toolbox and rebuilt the homepage from the ground up. The README is now an AI-compatible product page. All technical documentation lives in TECHNICAL.md. The MCP server that was crashing since v0.2.0 is fixed. 1Password plan requirements updated after direct conversations with 1Password support.

---

### README rebuilt as a product page

**The problem it solved:** The old README was 400+ lines of technical documentation. Quick Start, Agent Tools API, Config Resolution, CLI Commands, Write Support, Security, Troubleshooting, Developer Guide... all in one file. No human would read it. No agent could parse it efficiently.

**What changed:** The README is now a product page. One description, a "Teach Your AI" prompt block (Karpathy pattern), four human-readable bullets, and links to docs. That's it.

The "Teach Your AI" block is the key feature. You paste it into Claude Code, ChatGPT, or any MCP-compatible agent. The agent reads the SKILL.md, explains what the tools do, dry-runs the install, and waits for your go-ahead before writing anything to disk. The README talks to AI now.

All technical content moved to TECHNICAL.md: Quick Start (6 steps), Agent Tools API (3 tools with parameter tables), Config Secret Resolution (with the `memorySearch.remote` gotcha), CLI Commands, Write Support, Configuration, How It Works, Security, Troubleshooting, and a full Developer Guide with three integration options and patterns for common scenarios.

New description: "Give your AI secure access to 1Password. Never copy-paste an API key into a chat window again."

**What changed:**

- `README.md` ... gutted from 400+ lines to ~75. Product page only. Badges, description, Teach Your AI block, What It Does (4 bullets), Documentation links, License.
- `TECHNICAL.md` ... expanded with all content from README plus new Developer Guide section (3 integration options, common patterns, key rules, example projects table).

---

### MCP server fixed

**The problem it solved:** `mcp-server.mjs` crashed on startup with "Schema is missing a method literal." The MCP server shipped in v0.2.0 but never actually worked. Every Claude Code user who tried to connect op-secrets hit this error.

**Root cause:** `setRequestHandler` was called with raw strings (`"tools/list"`, `"tools/call"`) instead of SDK schema objects. The MCP SDK validates the first argument against its type system and rejects strings.

**The fix:**

```javascript
// Before (broken)
server.setRequestHandler("tools/list", async () => ({...}));
server.setRequestHandler("tools/call", async (request) => ({...}));

// After (working)
import { ListToolsRequestSchema, CallToolRequestSchema } from "@modelcontextprotocol/sdk/types.js";
server.setRequestHandler(ListToolsRequestSchema, async () => ({...}));
server.setRequestHandler(CallToolRequestSchema, async (request) => ({...}));
```

op-secrets MCP server now starts clean and connects to Claude Code.

**What changed:**

- `mcp-server.mjs` ... import `ListToolsRequestSchema` and `CallToolRequestSchema` from `@modelcontextprotocol/sdk/types.js`, replace string handlers with schema objects.

---

### 1Password plan requirements updated

Parker went back and forth with 1Password directly. The original docs said "Teams or Business" for service accounts. That was wrong.

**What we confirmed:**

- Service accounts work on **all plans**: Individual, Family, Teams, Business.
- Headless operation (no desktop app) confirmed on Teams and Business.
- Lower-tier plans may require the desktop app for initial setup.

**What changed:**

- `TECHNICAL.md` ... prerequisites section updated with correct plan requirements.
- `SKILL.md` ... compatibility line updated. Description changed from "OpenClaw plugin" to "AI plugin (Claude Code, OpenClaw)".

---

### Feature priority reordered

Agent tools (read/write secrets) is the #1 value of this tool. It was listed after config resolution. Reordered in both README and TECHNICAL.md:

1. Agent tools (read/write secrets on demand)
2. MCP server for Claude Code
3. Config resolution (`op://` refs at startup)
4. CLI diagnostics

---

### Files Changed

```
README.md      | 389 ++----------------------------------------------
SKILL.md       |   8 +-
TECHNICAL.md   | 116 +++++++++++----
mcp-server.mjs |   5 +-
5 files changed, 121 insertions(+), 412 deletions(-)
```

### Install

```bash
npm install -g @wipcomputer/wip-1password@0.2.2
```

Or update your local clone:

```bash
git pull origin main
```

---

Built by Parker Todd Brooks, Lēsa (OpenClaw, Claude Opus 4.6), Claude Code (Claude Opus 4.6).


Install command

Official: npx clawhub@latest install wip-1password
Mirror: npx clawhub@latest install wip-1password --registry https://cn.clawhub-mirror.com

Skill documentation

AI plugin (Claude Code, OpenClaw) for 1Password secrets. Uses the official JavaScript SDK with service accounts for fully headless operation... no desktop app, no biometrics, no popups.

When to Use This Skill

Use wip-1password for:

  • Resolving op:// secret references in config files at startup
  • Reading API keys, tokens, and credentials from 1Password at runtime
  • Storing new secrets in 1Password vaults
  • Listing available secrets in a vault

Do NOT Use For

  • Managing 1Password accounts or users (use the 1Password admin console)
  • Accessing built-in vaults (Shared, Employee, Private). Service accounts only work with custom vaults.
  • Repos that don't use OpenClaw (use the op CLI directly instead)

API Reference

OpenClaw Plugin (startup resolver)

Resolves op://vault/item/field strings in openclaw.json at boot. Values exist in memory only... never written to disk.

In openclaw.json:

```json
{
  "someService": {
    "apiKey": "op://Agent Secrets/Some Service/api key"
  }
}
```
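An added example (not the plugin's own code): a pre-flight audit that walks a parsed openclaw.json, parses every op:// reference, and flags ones that point at a built-in vault or at a vault other than the expected one. `parseOpRef`, `auditConfig`, and the sample config are hypothetical; the optional four-segment `op://vault/item/section/field` form is 1Password's secret-reference syntax and is not shown on this page.

```javascript
// Built-in vaults a service account cannot read (per "Do NOT Use For" on this page).
const BUILT_IN_VAULTS = new Set(["shared", "employee", "private"]);

// Parse "op://vault/item/field" or "op://vault/item/section/field".
// Returns null for values that are not op:// references.
function parseOpRef(value) {
  if (typeof value !== "string" || !value.startsWith("op://")) return null;
  const parts = value.slice("op://".length).split("/");
  if (parts.length < 3 || parts.length > 4 || parts.some((p) => p.trim() === "")) {
    return { raw: value, error: "expected op://vault/item/field" };
  }
  const [vault, item] = parts;
  const field = parts[parts.length - 1];
  const section = parts.length === 4 ? parts[2] : null;
  return { raw: value, vault, item, section, field };
}

// Walk a parsed config and report every op:// reference with its JSON path.
function auditConfig(config, allowedVaults, path = "$") {
  const findings = [];
  if (config && typeof config === "object") {
    for (const [key, child] of Object.entries(config)) {
      findings.push(...auditConfig(child, allowedVaults, `${path}.${key}`));
    }
    return findings;
  }
  const ref = parseOpRef(config);
  if (!ref) return findings;
  let status = "ok";
  if (ref.error) status = "malformed";
  else if (BUILT_IN_VAULTS.has(ref.vault.toLowerCase())) status = "built-in-vault";
  else if (!allowedVaults.includes(ref.vault)) status = "unexpected-vault";
  findings.push({ path, status, ...ref });
  return findings;
}

// Constructed sample config (not taken from the project).
const sampleConfig = {
  someService: { apiKey: "op://Agent Secrets/Some Service/api key" },
  other: { token: "op://Private/Bank/password", bad: "op://Agent Secrets/only-item" },
  list: ["plain", "op://Prod/DB/admin/password"],
};

// Print one line per reference; references are locations, not secret values.
for (const f of auditConfig(sampleConfig, ["Agent Secrets"])) {
  console.log(`${f.status.padEnd(16)} ${f.path}  ${f.raw}`);
}
```

Running the audit with the vault list the service account is actually scoped to shows, before boot, which references the resolver will fail on and which would pull from a vault you did not intend to expose.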

Agent Tools

```javascript
op_read_secret({ item: "OpenAI API", vault: "Agent Secrets", field: "api key" })
op_list_items({ vault: "Agent Secrets" })
op_write_secret({ item: "New Key", value: "sk-...", vault: "Agent Secrets" })
```

Module

```javascript
import { resolveSecretRefs } from "@wipcomputer/wip-1password";

const resolved = await resolveSecretRefs({
  apiKey: "op://Agent Secrets/OpenAI API/api key",
});
```

Setup

```bash
# 1. Save service account token
mkdir -p ~/.openclaw/secrets
echo "ops_..." > ~/.openclaw/secrets/op-sa-token
chmod 600 ~/.openclaw/secrets/op-sa-token

# 2. Enable in openclaw.json
# plugins.entries.op-secrets.enabled = true
# plugins.entries.op-secrets.config.defaultVault = "Agent Secrets"

# 3. Test
openclaw op-secrets test
```

Key Rules

  • Never call op bare. Always prefix with OP_SERVICE_ACCOUNT_TOKEN.
  • Never log secret values. Store in variables only.
  • Leave memorySearch.remote as {} ... the plugin sets process.env.OPENAI_API_KEY instead.
  • Service account token: Always at ~/.openclaw/secrets/op-sa-token.
  • Custom vaults only. Service accounts can't access built-in vaults.
Data source: ClawHub · Chinese localization: 龙虾技能库