steveclarke/1password
ai/skills/1password/SKILL.md
Fetch secrets and create/manage 1Password items via CLI. Use when needing API keys, tokens, or credentials, or when storing new secrets. Ask user for the 1Password secret reference (op://Vault/Item/field format) rather than the actual secret.
$ install --global
skillsauthnpx skillsauth add steveclarke/dotfiles 1passwordInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 13, 2026, 6:28 PM68.6s1 file scanned
SKILL.md
- name:
- 1password
- description:
- Fetch secrets and create/manage 1Password items via CLI. Use when needing API keys, tokens, or credentials, or when storing new secrets. Ask user for the 1Password secret reference (op://Vault/Item/field format) rather than the actual secret.
1Password CLI
Use the 1Password CLI (op) to fetch and manage secrets without exposing them in plain text.
Fetching Secrets
Ask the user for their 1Password secret reference (right-click field in 1Password → "Copy Secret Reference"):
# Read a secret value
op read "op://Vault/Item/field"
# Use in a command (secret never shown in shell history)
some-cli --token "$(op read 'op://Vault/Item/api-key')"
# Use as environment variable
export API_KEY="$(op read 'op://Vault/Item/api-key')"
Common Patterns
# CLI auth
toggl auth "$(op read 'op://Employee/Toggl/api key')"
gh auth login --with-token < <(op read 'op://Personal/GitHub/token')
# Docker login
docker login -u $(op read op://Vault/Docker/username) -p $(op read op://Vault/Docker/password)
Reference Format
op://vault-name/item-name/field-name
op://vault-name/item-name/section-name/field-name
Special fields:
op read "op://Vault/Item/one-time password?attribute=otp" # TOTP
op read "op://Vault/Item/private key?ssh-format=openssh" # SSH key
Creating Items
Field Type Syntax
"Field Name[text]=value" # Plain text (visible)
"Field Name[concealed]=value" # Password/secret (hidden)
"Field Name[url]=https://..." # Clickable URL
"Field Name[delete]" # Remove a field
Default (no suffix) = concealed. Always be explicit about field types.
Principles
- Only conceal actual secrets — passwords, API keys, tokens. URLs, usernames, client IDs, hostnames, ports, and other non-sensitive identifiers must use
[text]or[url]. If someone would read it aloud in a meeting, it's not a secret. - Use clear, descriptive field names — Match the source terminology
- Include context — Add account info, notes, and details
- Clean up template cruft — Remove or set default fields from templates
OAuth API Credential
op item create --category="API Credential" --title="Service Name - App Name" --vault="VaultName" \
"Client ID[text]=ABC123" \
"Client Secret[concealed]=secret-value-here" \
"Account[text][email protected]" \
"Redirect URL[text]=http://localhost:8080" \
"Authorization URL[text]=https://service.com/oauth2/authorize" \
"Token Request URL[text]=https://api.service.com/oauth2/token" \
"Developer Portal[url]=https://developer.service.com" \
"notesPlain=Context about this credential and any gotchas."
Simple API Key
op item create --category="API Credential" --title="Service Name API" --vault="VaultName" \
"API Key[concealed]=sk-xxxxxxxxxxxx" \
"Account[text][email protected]" \
"Documentation[url]=https://docs.service.com/api" \
"notesPlain=Used for X purpose. Rate limit: 1000/day."
Database Credential
op item create --category="Database" --title="Production DB - ServiceName" --vault="VaultName" \
"type[text]=postgresql" \
"server[text]=db.example.com" \
"port[text]=5432" \
"database[text]=myapp_production" \
"username[text]=app_user" \
"password[concealed]=secret-password" \
"notesPlain=Read replica. Primary is on port 5433."
Editing Existing Items
When adding fields to existing items with op item edit, the same type rules apply — always specify the field type explicitly:
# WRONG — defaults to concealed, hides the URL and username
op item edit "My Item" "Section.URL=https://example.com" "Section.username=admin"
# RIGHT — only the password is concealed
op item edit "My Item" "Section.URL[url]=https://example.com" "Section.username[text]=admin" "Section.password[concealed]=secret"
Handling Template Fields
Some categories add default fields like valid from and expires set to epoch 0.
# Delete if not applicable
op item edit "Item Name" --vault="VaultName" "valid from[delete]" "expires[delete]"
# Set if applicable
op item edit "Item Name" --vault="VaultName" "valid from=2026-01-27" "expires=2027-01-27"
Field Naming
| Bad | Good |
|-----|------|
| credential | Client ID |
| token_uri | Token Request URL |
| secret | Client Secret or API Key |
Match the terminology from the service's docs.
Prerequisites
- 1Password app installed with CLI integration enabled
- User signed in (
op signinif not authenticated) - Check vaults:
op vault list - Docs: https://developer.1password.com/docs/cli
Related Skills
steveclarke/youtube
content-media
VerifiedTrustedCommunity
Download content from YouTube including transcripts, captions, subtitles, music, MP3s, and playlists. Use when the user provides a YouTube URL or asks to download, transcribe, or get content from YouTube videos or playlists.
32SKILL.mdUpdated Apr 13, 2026
steveclarke/vueuse-functions
development
VerifiedTrustedCommunity
Apply VueUse composables where appropriate to build concise, maintainable Vue.js / Nuxt features.
32SKILL.mdUpdated Apr 13, 2026
steveclarke/ui-review
development
VerifiedTrustedCommunity
Review UI for visual consistency, layout structure, and design system compliance. Two modes — code review (check view files against patterns) and visual audit (screenshot all routes and analyze). Use when reviewing UI code, checking consistency, auditing views, or when user says "review the UI", "check consistency", "UI audit", "design review".
32SKILL.mdUpdated Apr 13, 2026
steveclarke/typeset
tools
VerifiedTrustedCommunity
Improves typography by fixing font choices, hierarchy, sizing, weight, and readability so text feels intentional. Use when the user mentions fonts, type, readability, text hierarchy, sizing looks off, or wants more polished, intentional typography.
32SKILL.mdUpdated Apr 13, 2026