← 返回 Skills 市场

1password Cli.Bak

Name: 1password Cli.Bak
Author: reiy-leo

作者 Reiy Leo · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

103

总下载

当前安装

版本数

在 OpenClaw 中安装

/install 1password-cli-bak

功能描述

Securely access and manage secrets using 1Password CLI with a Service Account token for reading, writing, and editing items in a dedicated vault.

使用说明 (SKILL.md)

1Password CLI for Agents

This skill allows agents to securely access and manage secrets using the 1Password CLI (op) and a Service Account. It provides commands for reading, writing, and managing items within a dedicated vault.

Prerequisites

Install 1Password CLI:
- macOS: brew install --cask 1password-cli
- Linux/Windows: See official docs.
Create a Service Account:
- Go to 1Password Developer Portal.
- Create a Service Account and grant it access to a specific vault (e.g., "Agent Vault").
- Copy the Service Account Token.
Set Environment Variable:
- Set OP_SERVICE_ACCOUNT_TOKEN in your environment (e.g., .env file or export in shell).
- For OpenClaw, you can add OP_SERVICE_ACCOUNT_TOKEN=... to .env.

Usage

All commands require the OP_SERVICE_ACCOUNT_TOKEN to be set.

1. Check Authentication

Verify the service account is working:

op whoami

2. List Vaults

List vaults accessible to the service account:

op vault list

3. Read an Item

Get details of an item (JSON format is best for parsing):

op item get "Item Name" --vault "Vault Name" --format json

Or get a specific field (e.g., password):

op read "op://Vault Name/Item Name/password"

4. Create an Item

Create a login item:

op item create --category login --title "My Service" --url "https://example.com" --vault "Vault Name" username="myuser" password="mypassword"

Create a secure note:

op item create --category "Secure Note" --title "API Key" --vault "Vault Name" notes="my-secret-key"

5. Edit an Item

Update a password:

op item edit "Item Name" password="newpassword" --vault "Vault Name"

6. Delete an Item

op item delete "Item Name" --vault "Vault Name"

Tips for Agents

Always use JSON output: Add --format json to op commands for structured data that is easier to parse.
Security: Never print the OP_SERVICE_ACCOUNT_TOKEN or retrieved secrets to the console unless explicitly asked.
Vaults: If multiple vaults are available, specify the --vault flag to avoid ambiguity.
Rate Limits: Service accounts have rate limits. Cache results if possible or retry with backoff.

Troubleshooting

"You are not currently signed in": Ensure OP_SERVICE_ACCOUNT_TOKEN is set correctly.
"account is not authorized": Check that the service account has permission for the specific vault and operation (read/write).

安全使用建议

This skill is coherent with a 1Password CLI workflow but has two practical concerns you should resolve before installing: (1) confirm the skill's source and owner (the package metadata and _meta.json entries don't match and there's no homepage), and (2) never give it an OP_SERVICE_ACCOUNT_TOKEN unless you first restrict that service account to the minimal vault and permissions needed (prefer read-only while testing), avoid storing the token in plaintext .env if possible, and enforce rotation/audit. Also ask the publisher to update the skill metadata to declare the required binary (`op`) and the OP_SERVICE_ACCOUNT_TOKEN env var so its requirements are transparent. If you plan to allow autonomous agent invocation, consider using a short-lived or tightly-scoped credential and review agent actions in a safe environment first.

功能分析

Type: OpenClaw Skill Name: 1password-cli-bak Version: 1.0.0 The skill bundle contains only documentation (SKILL.md) and metadata (_meta.json) for using the official 1Password CLI (op). It provides standard instructions for managing secrets via a service account and includes security best practices for agents, with no executable code or malicious instructions detected.

能力评估

⚠ Purpose & Capability

The SKILL.md clearly requires the 1Password CLI (`op`) and an OP_SERVICE_ACCOUNT_TOKEN environment variable, but the registry metadata lists no required binaries or environment variables. That mismatch is incoherent: a 1Password integration should declare the CLI and the primary credential. The declared purpose (manage secrets in a dedicated vault) does justify the token and CLI, but the metadata omission is a red flag.

ℹ Instruction Scope

The runtime instructions stay within the stated purpose: they show how to authenticate, list vaults, read/create/edit/delete items, and advise using JSON output and not printing tokens. The instructions do ask the agent/operator to place OP_SERVICE_ACCOUNT_TOKEN in .env or export it, which implies modifying environment/configuration. They do not instruct the agent to read unrelated system files or send data to external endpoints beyond the 1Password CLI.

✓ Install Mechanism

This is an instruction-only skill (no install spec, no code files). That minimizes direct install risk. The SKILL.md tells the user to install the official 1Password CLI via brew or the vendor docs—reasonable and low-risk because no arbitrary downloads are specified by the skill itself.

⚠ Credentials

The skill requires a powerful credential (OP_SERVICE_ACCOUNT_TOKEN) capable of reading and modifying vault items, which is consistent with the described functionality but highly sensitive. The metadata does not declare this required environment variable, which is an inconsistency. The instructions recommend storing the token in .env, which can be insecure—token storage, scope (ensure limited to a single vault and least privilege), and rotation policies should be verified before granting it.

ℹ Persistence & Privilege

always is false and the skill does not request system-wide modifications. However, default autonomous invocation is allowed; combined with a service-account token that permits write/delete actions, this increases risk. There's no indication the skill modifies other skills or global agent config.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install 1password-cli-bak
安装完成后，直接呼叫该 Skill 的名称或使用 /1password-cli-bak 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of 1Password CLI integration for agents. - Enables secure access to 1Password vaults using the 1Password CLI and a Service Account token. - Provides clear setup instructions, including prerequisites for CLI tool, service account creation, and environment variable configuration. - Documents commands for authenticating, listing vaults, reading, creating, editing, and deleting secrets. - Includes tips for secure usage, structured output, and troubleshooting common issues.

元数据

Slug 1password-cli-bak

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题