← Back to Skills Marketplace
MH 1password
by
mohdalhashemi98-hue
· GitHub ↗
· v1.0.0
515
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install mh-1password
Description
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/...
Usage Guidance
This skill appears to be an instruction-only helper for the official 1Password CLI and installs via Homebrew — that part is fine. Before installing, consider: 1) The instructions require tmux (creating sockets and capture-pane) but tmux is not declared as a required binary; ensure your environment has tmux and confirm the agent will actually have permission to create/clean up sockets in the chosen directory. 2) The SKILL.md references OPENCLAW_TMUX_SOCKET_DIR and CLAWDBOT_TMUX_SOCKET_DIR env vars that are not declared — verify what values will be used and that you trust the directory chosen (it may be under /tmp). 3) capture-pane reads terminal output (which can include secrets); ask how the agent/runtime will handle or persist that captured text and ensure it will not be uploaded to logs or external endpoints. 4) Confirm you have a 1Password subscription and the desktop app integration steps the doc references. If you want to proceed, request the skill author add tmux to required binaries, explicitly document how captured pane contents are handled (never sent to external services or logs), and declare any env vars it expects. If the author cannot clarify, treat the mismatch as a risk and avoid using the skill for highly sensitive sign-ins.
Capability Analysis
Type: OpenClaw Skill
Name: mh-1password
Version: 1.0.0
The skill bundle is designed for secure integration with the 1Password CLI. It uses standard tools like `brew` for installation and provides explicit instructions for the AI agent to use `tmux` for all `op` commands, framed as a security measure to manage sessions and prevent re-prompts. Crucially, `SKILL.md` includes strong 'Guardrails' instructing the agent to 'Never paste secrets into logs, chat, or code' and to 'Prefer `op run` / `op inject` over writing secrets to disk'. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection with harmful intent. The examples provided are legitimate 1Password CLI commands, and any potentially risky features (like `op run --no-masking`) are directly addressed by the security guardrails.
Capability Assessment
Purpose & Capability
Name/description, required binary 'op', and the brew install of 1password-cli are coherent with the stated purpose. However the SKILL.md mandates tmux usage (fresh tmux sessions and socket management) while 'tmux' is not listed as a required binary or declared dependency — this mismatch is unexpected and reduces coherence.
Instruction Scope
Instructions require creating a dedicated tmux socket/session, running interactive sign-in inside tmux, and using tmux capture-pane to read the session contents. The SKILL.md references OPENCLAW_TMUX_SOCKET_DIR and CLAWDBOT_TMUX_SOCKET_DIR environment variables and a separate 'tmux' skill convention — none of these env vars or the tmux dependency are declared. capture-pane can capture sensitive output; the doc doesn't explicitly say what to do with the captured text or how the agent will handle it.
Install Mechanism
Install spec uses a Homebrew formula ('1password-cli') which is an expected and low-risk mechanism for macOS/Linux users. The install creates the 'op' binary as expected.
Credentials
The skill declares no required environment variables or credentials (which fits a CLI onboarding helper). However the runtime instructions reference OPENCLAW_TMUX_SOCKET_DIR and CLAWDBOT_TMUX_SOCKET_DIR (and fall back to TMPDIR) without declaring them. This is a mismatch to surface; the skill also requires access to the filesystem socket path to create tmux sockets.
Persistence & Privilege
always:false and default autonomous invocation are normal. The skill does not request to modify other skills or system-wide settings. It asks to create temporary tmux sockets/sessions but does not request persistent installation or elevated privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install mh-1password - After installation, invoke the skill by name or use
/mh-1password - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Imported from OpenClaw bundled skill
Metadata
Frequently Asked Questions
What is MH 1password?
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/... It is an AI Agent Skill for Claude Code / OpenClaw, with 515 downloads so far.
How do I install MH 1password?
Run "/install mh-1password" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is MH 1password free?
Yes, MH 1password is completely free (open-source). You can download, install and use it at no cost.
Which platforms does MH 1password support?
MH 1password is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created MH 1password?
It is built and maintained by mohdalhashemi98-hue (@mohdalhashemi98-hue); the current version is v1.0.0.
More Skills