Onepassword

1Password Connect — vaults, items, secrets management for server-side applications.

This skill appears to implement a simple 1Password Connect CLI and legitimately asks for OP_CONNECT_TOKEN and OP_CONNECT_HOST. Before installing or supplying a real token: 1) Inspect the code yourself (or have someone you trust do it). The script will, if an env var is missing, read WORKSPACE or ~/.openclaw/workspace/.env to obtain values — make sure you don't have unrelated secrets in those files. 2) Confirm OP_CONNECT_HOST points to a trusted 1Password Connect server (do not give your token to an unknown host). 3) Consider testing with a minimally-permissioned token or a throwaway token in a sandboxed agent first. 4) Note the script has some string/placeholder bugs (e.g., inconsistent placeholder names) that may cause commands to fail; that looks like sloppy implementation rather than malicious intent, but it means you should be cautious. If you need higher confidence, ask the publisher for provenance (source repo or official documentation) or run the script in an isolated environment before using production credentials.

Type: OpenClaw Skill Name: onepassword Version: 1.0.0 The 1Password skill contains functional bugs and security vulnerabilities in 'scripts/onepassword.py'. Specifically, it lacks input sanitization when constructing API URLs (e.g., in 'cmd_get_item' and 'cmd_delete_item'), which could allow for path manipulation or unintended API requests. Furthermore, the script contains logic errors where placeholder replacement fails due to mismatched naming (e.g., attempting to replace '{vault-id}' in a string containing '{vault_id}'). While the script's behavior of reading credentials from a workspace '.env' file is aligned with its stated purpose, the poor implementation of URL construction meets the criteria for a suspicious classification.