← 返回 Skills 市场
81
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install 1password-temp
功能描述
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/...
使用说明 (SKILL.md)
1Password CLI
Follow the official CLI get-started steps. Don't guess install commands.
References
references/get-started.md(install + app integration + sign-in flow)references/cli-examples.md(realopexamples)
Workflow
- Check OS + shell.
- Verify CLI present:
op --version. - Confirm desktop app integration is enabled (per get-started) and the app is unlocked.
- REQUIRED: create a fresh tmux session for all
opcommands (no directopcalls outside tmux). - Sign in / authorize inside tmux:
op signin(expect app prompt). - Verify access inside tmux:
op whoami(must succeed before any secret read). - If multiple accounts: use
--accountorOP_ACCOUNT.
REQUIRED tmux session (T-Max)
The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.
Example (see tmux skill for socket conventions, do not reuse old session names):
SOCKET_DIR="${OPENCLAW_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/openclaw-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"
tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"
Guardrails
- Never paste secrets into logs, chat, or code.
- Prefer
op run/op injectover writing secrets to disk. - If sign-in without app integration is needed, use
op account add. - If a command returns "account is not signed in", re-run
op signininside tmux and authorize in the app. - Do not run
opoutside tmux; stop and ask if tmux is unavailable.
安全使用建议
This skill mostly does what it says (help run the 1Password CLI), but there are two issues you should address before installing or using it: (1) The runtime requires tmux but the skill metadata does not declare tmux as a required binary — ensure tmux is present and that the skill's metadata is updated to list it. (2) The instructions capture tmux pane output (capture-pane) which can include secrets; confirm how the agent will handle that captured text (it must not be logged, transmitted, or stored insecurely). Other suggestions: only install the CLI from the official Homebrew formula on trusted machines; run this skill in a single-user, secure environment (not a shared or cloud-hosted agent where captured panes could be exposed); and ask the skill maintainer to (a) declare tmux in required bins, (b) clarify handling of capture-pane output (or avoid capturing secret-bearing panes), and (c) explicitly list any environment variables the instructions depend on (OPENCLAW_TMUX_SOCKET_DIR, OP_ACCOUNT). If the maintainer cannot clarify these points, treat the skill with caution.
功能分析
Type: OpenClaw Skill
Name: 1password-temp
Version: 1.0.0
The skill provides an interface for an AI agent to interact with the 1Password CLI (op), which is an inherently high-risk capability involving access to sensitive credentials. It employs a complex tmux-based execution flow in SKILL.md to manage interactive sessions and capture terminal output, which could lead to accidental secret exposure in logs or session hijacking via the shared socket directory (/tmp). While the skill includes guardrails and aligns with its stated purpose, the high-privilege nature of the tool and the use of terminal capture techniques warrant a suspicious classification.
能力评估
Purpose & Capability
The skill claims to set up and use the 1Password CLI and declares the op binary and a brew install for the official 1password-cli formula, which matches the stated purpose. However, the SKILL.md requires running all op commands inside a fresh tmux session and references a tmux socket convention; yet the registry metadata does not declare tmux as a required binary. That omission is an incoherence: tmux is necessary for the described workflow but not listed as a requirement.
Instruction Scope
Instructions tell the agent to create a tmux socket, send interactive signin commands, run op whoami/vault list, capture the tmux pane output (capture-pane -p -J), then kill the session. capture-pane can capture secret-containing output; the SKILL.md does not specify safe handling, storage, or transmission of that captured output. The instructions also direct interactive sign-in automation (sending keys) which relies on desktop app integration and could leak sensitive output if the agent logs the captured pane or transmits it. The doc's insistence on 'never paste secrets into logs/chat' is good but does not prevent accidental capture or subsequent transmission of secrets by the agent.
Install Mechanism
The install spec uses a Homebrew formula '1password-cli' to provide the op binary. This is an expected, low-risk install mechanism for this CLI on systems with Homebrew. No downloads from arbitrary URLs or archive extraction are present.
Credentials
The skill does not request credentials or declare required env vars, which is appropriate because interactive sign-in is expected. However, the instructions reference OPENCLAW_TMUX_SOCKET_DIR, TMPDIR and OP_ACCOUNT (and suggest following a 'tmux' skill's socket conventions) without declaring them. The workflow requires filesystem socket creation in /tmp (or OPENCLAW_TMUX_SOCKET_DIR) and may interact with OP_ACCOUNT—these environment uses should be declared or explained.
Persistence & Privilege
always is false and the skill is instruction-only (no code files). It creates transient tmux sessions and socket files and then kills the session; it does not request persistent presence or system-wide config changes. No modifications to other skills' configs are specified.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install 1password-temp - 安装完成后,直接呼叫该 Skill 的名称或使用
/1password-temp触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of 1Password CLI setup and usage skill.
- Guides users through installing and verifying the 1Password CLI (`op`), with reference to official documentation.
- Enforces running all `op` commands inside a dedicated tmux session to maintain security and session state.
- Outlines steps for desktop app integration and multi-account sign-in.
- Provides CLI workflow for authentication, secret access, and troubleshooting.
- Includes guardrails to prevent leaking secrets and improper usage outside tmux.
元数据
常见问题
1password Temp 是什么?
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 81 次。
如何安装 1password Temp?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install 1password-temp」即可一键安装,无需额外配置。
1password Temp 是免费的吗?
是的,1password Temp 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
1password Temp 支持哪些平台?
1password Temp 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 1password Temp?
由 hansolero(@hansolero)开发并维护,当前版本 v1.0.0。
推荐 Skills