reiy-leo

1password Cli.Bak

by Reiy Leo · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
103 Downloads · 0 Stars · 1 Active Installs · 1 Versions
Install in OpenClaw
/install 1password-cli-bak
Description
Securely access and manage secrets using 1Password CLI with a Service Account token for reading, writing, and editing items in a dedicated vault.
README (SKILL.md)

1Password CLI for Agents

This skill allows agents to securely access and manage secrets using the 1Password CLI (op) and a Service Account. It provides commands for reading, writing, and managing items within a dedicated vault.

Prerequisites

  1. Install 1Password CLI:
    • macOS: brew install --cask 1password-cli
    • Linux/Windows: See official docs.
  2. Create a Service Account:
    • Go to 1Password Developer Portal.
    • Create a Service Account and grant it access to a specific vault (e.g., "Agent Vault").
    • Copy the Service Account Token.
  3. Set Environment Variable:
    • Set OP_SERVICE_ACCOUNT_TOKEN in your environment (e.g., .env file or export in shell).
    • For OpenClaw, you can add OP_SERVICE_ACCOUNT_TOKEN=... to .env.

Usage

All commands require the OP_SERVICE_ACCOUNT_TOKEN to be set.

1. Check Authentication

Verify the service account is working:

op whoami

2. List Vaults

List vaults accessible to the service account:

op vault list

3. Read an Item

Get details of an item (JSON format is best for parsing):

op item get "Item Name" --vault "Vault Name" --format json

Or get a specific field (e.g., password):

op read "op://Vault Name/Item Name/password"

4. Create an Item

Create a login item:

op item create --category login --title "My Service" --url "https://example.com" --vault "Vault Name" username="myuser" password="mypassword"

Create a secure note:

op item create --category "Secure Note" --title "API Key" --vault "Vault Name" notes="my-secret-key"

5. Edit an Item

Update a password:

op item edit "Item Name" password="newpassword" --vault "Vault Name"

6. Delete an Item

op item delete "Item Name" --vault "Vault Name"

Tips for Agents

  • Always use JSON output: Add --format json to op commands for structured data that is easier to parse.
  • Security: Never print the OP_SERVICE_ACCOUNT_TOKEN or retrieved secrets to the console unless explicitly asked.
  • Vaults: If multiple vaults are available, specify the --vault flag to avoid ambiguity.
  • Rate Limits: Service accounts have rate limits. Cache results if possible or retry with backoff.
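
Added example (not part of the skill's SKILL.md or the publisher's code): one way to apply the tips above in bash, reading a single field with op read, retrying with exponential backoff, and emitting the secret only on stdout so the caller captures it. The function name op_read_retry, its arguments, and the names in the usage comment are assumptions for illustration; it retries on any non-zero exit because the CLI's rate-limit error text is not given on this page.

```bash
#!/usr/bin/env bash
# Added example: fetch one field with `op read`, retrying with backoff,
# without echoing the service account token or the secret to the console.

# op_read_retry REF [MAX_ATTEMPTS] [BASE_DELAY_SECONDS]   (hypothetical helper)
# Writes the secret to stdout only; callers capture it with $(...).
op_read_retry() {
  local ref="$1" max="${2:-4}" delay="${3:-1}" attempt=1 out

  # Fail early, with a message that never includes the token value.
  if [ -z "${OP_SERVICE_ACCOUNT_TOKEN:-}" ]; then
    echo "OP_SERVICE_ACCOUNT_TOKEN is not set" >&2
    return 2
  fi
  # Accept only full secret references so the vault is always explicit.
  case "$ref" in
    op://*/*/*) ;;
    *) echo "expected a reference of the form op://vault/item/field" >&2
       return 2 ;;
  esac

  while :; do
    # stderr is dropped while retrying; the final failure is reported below.
    if out=$(op read "$ref" 2>/dev/null); then
      printf '%s' "$out"
      return 0
    fi
    if [ "$attempt" -ge "$max" ]; then
      echo "op read failed after $attempt attempts" >&2
      return 1
    fi
    sleep "$delay"
    delay=$((delay * 2))        # exponential backoff: 1s, 2s, 4s, ...
    attempt=$((attempt + 1))
  done
}

# Usage (constructed names): pass the secret to a child process through its
# environment rather than printing it or placing it on a command line.
#   DB_PASSWORD=$(op_read_retry "op://Agent Vault/My Service/password") \
#     some_command_that_reads_DB_PASSWORD
```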

Troubleshooting

  • "You are not currently signed in": Ensure OP_SERVICE_ACCOUNT_TOKEN is set correctly.
  • "account is not authorized": Check that the service account has permission for the specific vault and operation (read/write).
Usage Guidance
This skill is coherent with a 1Password CLI workflow but has two practical concerns you should resolve before installing: (1) confirm the skill's source and owner (the package metadata and _meta.json entries don't match and there's no homepage), and (2) never give it an OP_SERVICE_ACCOUNT_TOKEN unless you first restrict that service account to the minimal vault and permissions needed (prefer read-only while testing), avoid storing the token in plaintext .env if possible, and enforce rotation/audit. Also ask the publisher to update the skill metadata to declare the required binary (`op`) and the OP_SERVICE_ACCOUNT_TOKEN env var so its requirements are transparent. If you plan to allow autonomous agent invocation, consider using a short-lived or tightly-scoped credential and review agent actions in a safe environment first.
Capability Analysis
Type: OpenClaw Skill
Name: 1password-cli-bak
Version: 1.0.0
The skill bundle contains only documentation (SKILL.md) and metadata (_meta.json) for using the official 1Password CLI (op). It provides standard instructions for managing secrets via a service account and includes security best practices for agents, with no executable code or malicious instructions detected.
Capability Assessment
Purpose & Capability
The SKILL.md clearly requires the 1Password CLI (`op`) and an OP_SERVICE_ACCOUNT_TOKEN environment variable, but the registry metadata lists no required binaries or environment variables. That mismatch is incoherent: a 1Password integration should declare the CLI and the primary credential. The declared purpose (manage secrets in a dedicated vault) does justify the token and CLI, but the metadata omission is a red flag.
Instruction Scope
The runtime instructions stay within the stated purpose: they show how to authenticate, list vaults, read/create/edit/delete items, and advise using JSON output and not printing tokens. The instructions do ask the agent/operator to place OP_SERVICE_ACCOUNT_TOKEN in .env or export it, which implies modifying environment/configuration. They do not instruct the agent to read unrelated system files or send data to external endpoints beyond the 1Password CLI.
Install Mechanism
This is an instruction-only skill (no install spec, no code files). That minimizes direct install risk. The SKILL.md tells the user to install the official 1Password CLI via brew or the vendor docs—reasonable and low-risk because no arbitrary downloads are specified by the skill itself.
Credentials
The skill requires a powerful credential (OP_SERVICE_ACCOUNT_TOKEN) capable of reading and modifying vault items, which is consistent with the described functionality but highly sensitive. The metadata does not declare this required environment variable, which is an inconsistency. The instructions recommend storing the token in .env, which can be insecure—token storage, scope (ensure limited to a single vault and least privilege), and rotation policies should be verified before granting it.
Persistence & Privilege
always is false and the skill does not request system-wide modifications. However, default autonomous invocation is allowed; combined with a service-account token that permits write/delete actions, this increases risk. There's no indication the skill modifies other skills or global agent config.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install 1password-cli-bak
  3. After installation, invoke the skill by name or use /1password-cli-bak
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of 1Password CLI integration for agents.
  • Enables secure access to 1Password vaults using the 1Password CLI and a Service Account token.
  • Provides clear setup instructions, including prerequisites for CLI tool, service account creation, and environment variable configuration.
  • Documents commands for authenticating, listing vaults, reading, creating, editing, and deleting secrets.
  • Includes tips for secure usage, structured output, and troubleshooting common issues.
Metadata
Slug 1password-cli-bak
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is 1password Cli.Bak?

Securely access and manage secrets using 1Password CLI with a Service Account token for reading, writing, and editing items in a dedicated vault. It is an AI Agent Skill for Claude Code / OpenClaw, with 103 downloads so far.

How do I install 1password Cli.Bak?

Run "/install 1password-cli-bak" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 1password Cli.Bak free?

Yes, 1password Cli.Bak is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 1password Cli.Bak support?

1password Cli.Bak is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created 1password Cli.Bak?

It is built and maintained by Reiy Leo (@reiy-leo); the current version is v1.0.0.
