0xhoneyjar/1password
skills/1password/SKILL.md
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
$ install --global
skillsauthnpx skillsauth add 0xhoneyjar/loa-beauvoir 1passwordInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Error
VirusTotalMulti-engine malware detection
70%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 24, 2026, 10:57 AM44.4s3 files scanned
SKILL.md
- name:
- 1password
- description:
- Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
- homepage:
- https://developer.1password.com/docs/cli/get-started/
- "emoji":
- 🔐",
- "requires":
- { "bins": ["op"] },
- "id":
- brew",
- "kind":
- brew",
- "formula":
- 1password-cli",
- "bins":
- ["op"],
- "label":
- Install 1Password CLI (brew)",
1Password CLI
Follow the official CLI get-started steps. Don't guess install commands.
References
references/get-started.md(install + app integration + sign-in flow)references/cli-examples.md(realopexamples)
Workflow
- Check OS + shell.
- Verify CLI present:
op --version. - Confirm desktop app integration is enabled (per get-started) and the app is unlocked.
- REQUIRED: create a fresh tmux session for all
opcommands (no directopcalls outside tmux). - Sign in / authorize inside tmux:
op signin(expect app prompt). - Verify access inside tmux:
op whoami(must succeed before any secret read). - If multiple accounts: use
--accountorOP_ACCOUNT.
REQUIRED tmux session (T-Max)
The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.
Example (see tmux skill for socket conventions, do not reuse old session names):
SOCKET_DIR="${OPENCLAW_TMUX_SOCKET_DIR:-${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/openclaw-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"
tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"
Guardrails
- Never paste secrets into logs, chat, or code.
- Prefer
op run/op injectover writing secrets to disk. - If sign-in without app integration is needed, use
op account add. - If a command returns "account is not signed in", re-run
op signininside tmux and authorize in the app. - Do not run
opoutside tmux; stop and ask if tmux is unavailable.
Related Skills
0xhoneyjar/cloudflare-browser
tools
VerifiedTrustedCommunity
Control headless Chrome via Cloudflare Browser Rendering CDP WebSocket. Use for screenshots, page navigation, scraping, and video capture when browser automation is needed in a Cloudflare Workers environment. Requires CDP_SECRET env var and cdpUrl configured in browser.profiles.
5SKILL.mdUpdated Mar 24, 2026
0xhoneyjar/tests/fixtures/registry/skills/test-vendor/valid-skill
testing
VerifiedTrustedCommunity
# valid-skill Test skill with valid license for unit testing. ## Purpose Used in test_constructs_loader.bats to verify correct handling of valid licenses.
5SKILL.mdUpdated Mar 24, 2026
0xhoneyjar/tests/fixtures/registry/skills/test-vendor/grace-skill
testing
VerifiedTrustedCommunity
# grace-skill Test skill in license grace period for unit testing. ## Purpose Used in test_constructs_loader.bats to verify correct handling of licenses in grace period.
5SKILL.mdUpdated Mar 24, 2026
0xhoneyjar/tests/fixtures/registry/skills/test-vendor/expired-skill
testing
VerifiedTrustedCommunity
# expired-skill Test skill with expired license for unit testing. ## Purpose Used in test_constructs_loader.bats to verify correct handling of expired licenses.
5SKILL.mdUpdated Mar 24, 2026