awfixers-stuff/op-cli
skills/op-cli/SKILL.md
Use when reading from 1Password, discovering vaults/items, rotating secrets, or piping credentials to other tools via op CLI.
tools
Updated Apr 27, 2026
$ install --global
skillsauthnpx skillsauth add awfixers-stuff/opencode-config op-cliInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 27, 2026, 2:46 AM34.9s1 file scanned
SKILL.md
- name:
- op-cli
- description:
- Use when reading from 1Password, discovering vaults/items, rotating secrets, or piping credentials to other tools via op CLI.
1Password CLI (op) — Secure Handling
Core Rule: Never Print Secrets
NEVER use op commands that would print secret values into the conversation. Always pipe directly to the consuming tool or use wc -c / redaction to verify without exposing.
# WRONG — would print secret to stdout (do not run)
# op item get ITEM_ID --vault VAULT --fields label=PASSWORD --reveal
# RIGHT — pipe directly to consumer
op item get ITEM_ID --vault VAULT --fields label=PASSWORD --reveal | \
wrangler secret put SECRET_NAME --env ENV
# RIGHT — verify a value exists without exposing it
op item get ITEM_ID --vault VAULT --fields label=PASSWORD --reveal 2>/dev/null | wc -c
Item Titles with Slashes
Many 1Password items use path-style titles (e.g. pool-party/testnet-pool-party-public/credentials). The op:// URI format breaks with these because it uses / as a delimiter.
# BROKEN — too many '/' segments
op read "op://pool-party-testnet/pool-party/testnet-pool-party-public/credentials/PASSWORD"
# ERROR: too many '/': secret references should match op://<vault>/<item>[/<section>]/<field>
# WORKS — use item ID instead (avoid printing values)
op item get ITEM_ID --vault VAULT --fields label=FIELD --reveal 2>/dev/null | wc -c
Discovery Workflow
When you don't know the item ID:
# 1. List items in a vault to find the title and ID
op item list --vault VAULT_NAME
# 2. Use the ID (first column) for all subsequent reads
op item get ITEM_ID --vault VAULT_NAME --fields label=FIELD_NAME --reveal 2>/dev/null | wc -c
Reading Multiple Fields from One Item
# Verify which fields exist (safe — shows labels not values)
op item get ITEM_ID --vault VAULT_NAME --format json 2>/dev/null | \
python3 -c "import json,sys; [print(f['label']) for s in json.load(sys.stdin).get('fields',[]) for f in [s] if f.get('label')]"
# Pipe each field to its destination
op item get ITEM_ID --vault VAULT --fields label=USERNAME --reveal | consumer_cmd ...
op item get ITEM_ID --vault VAULT --fields label=PASSWORD --reveal | consumer_cmd ...
Common Piping Patterns
Cloudflare Workers (wrangler)
op item get ITEM_ID --vault VAULT --fields label=PASSWORD --reveal | \
npx wrangler secret put POOL_PARTY_PUBLIC_PASSWORD --env testnet
Environment Variable (subshell)
SECRET="$(op item get ITEM_ID --vault VAULT --fields label=TOKEN --reveal 2>/dev/null)"
# Use $SECRET in subsequent commands within the same shell — it won't appear in output
kubectl
op item get ITEM_ID --vault VAULT --fields label=PASSWORD --reveal | \
kubectl create secret generic my-secret --from-file=password=/dev/stdin
Verification Without Exposure
# Check a value is non-empty (char count)
op item get ITEM_ID --vault VAULT --fields label=PASSWORD --reveal 2>/dev/null | wc -c
# Compare two sources match (exit code only)
if cmp -s <(op item get ID1 --vault V --fields label=F --reveal 2>/dev/null) \
<(op item get ID2 --vault V --fields label=F --reveal 2>/dev/null); then
echo "match"
else
echo "differ"
fi
Troubleshooting
| Error | Cause | Fix |
|---|---|---|
| too many '/' | Item title has slashes, op:// can't parse it | Use item ID with op item get |
| could not find item | Wrong vault or title mismatch | Run op item list --vault VAULT to discover |
| Empty output | Missing --reveal flag | Add --reveal and pipe to consumer (or | wc -c) |
| not signed in | Session expired | Run eval "$(op signin)" (avoid printing the session token) |
Related Skills
awfixers-stuff/zmx
development
VerifiedTrustedCommunity
Use when starting dev servers, watchers, tilt, or any process expected to outlive the conversation. Provides zmx session management patterns for long-lived processes.
SKILL.mdUpdated Apr 27, 2026
awfixers-stuff/zig-testing
development
VerifiedTrustedCommunity
Zig testing skill for writing and running tests. Use when using zig build test, writing comptime tests, using test filters, working with test allocators to detect leaks, or using Zig's built-in fuzz testing (0.14+). Activates on queries about Zig tests, zig test, zig build test, comptime testing, test allocators, Zig fuzz testing, or detecting memory leaks in Zig tests.
SKILL.mdUpdated Apr 27, 2026
awfixers-stuff/zig-debugging
development
VerifiedTrustedCommunity
Zig debugging skill. Use when debugging Zig programs with GDB or LLDB, interpreting Zig runtime panics, using std.debug.print for tracing, configuring debug builds, or debugging Zig programs in VS Code. Activates on queries about debugging Zig, Zig panics, zig gdb, zig lldb, std.debug.print, Zig stack traces, or Zig error return traces.
SKILL.mdUpdated Apr 27, 2026
awfixers-stuff/zig-cross
tools
VerifiedTrustedCommunity
Zig cross-compilation skill. Use when cross-compiling Zig programs to different targets, using Zig's built-in cross-compilation for embedded, WASM, Windows, ARM, or using zig cc to cross-compile C code without a system cross-toolchain. Activates on queries about Zig cross-compilation, zig target triples, zig cc cross-compile, Zig embedded targets, or Zig WASM.
SKILL.mdUpdated Apr 27, 2026