1password
About This Skill
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
references/get-started.md (install + app integration + sign-in flow) references/cli-examples.md (real op examples) op run / op inject over writing secrets to disk. Use Cases
op account add. op signin inside tmux and authorize in the op outside tmux; stop and ask if tmux is unavailable. Documentation (Original)
Source: SKILL.mdname: 1password
description: Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
homepage: https://developer.1password.com/docs/cli/get-started/
metadata: {"clawdbot":{"emoji":"🔐","requires":{"bins":["op"]},"install":[{"id":"brew","kind":"brew","formula":"1password-cli","bins":["op"],"label":"Install 1Password CLI (brew)"}]}}
1Password CLI
Follow the official CLI get-started steps. Don't guess install commands.
References
references/get-started.md(install + app integration + sign-in flow)references/cli-examples.md(realopexamples)
Workflow
- Check OS + shell.
- Verify CLI present:
op --version. - Confirm desktop app integration is enabled (per get-started) and the app is unlocked.
- REQUIRED: create a fresh tmux session for all
opcommands (no directopcalls outside tmux). - Sign in / authorize inside tmux:
op signin(expect app prompt). - Verify access inside tmux:
op whoami(must succeed before any secret read). - If multiple accounts: use
--accountorOP_ACCOUNT.
REQUIRED tmux session (T-Max)
The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.
Example (see tmux skill for socket conventions, do not reuse old session names):
SOCKET_DIR="${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/clawdbot-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/clawdbot-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"
tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"
Guardrails
- Never paste secrets into logs, chat, or code.
- Prefer
op run/op injectover writing secrets to disk. - If sign-in without app integration is needed, use
op account add. - If a command returns "account is not signed in", re-run
op signininside tmux and authorize in the app. - Do not run
opoutside tmux; stop and ask if tmux is unavailable.
Security Audit
Summary
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
ToxicSkills Analysis
No Toxic signals detected by current static checks.
Key Risks 0 items
Deterministic Findings (Evidence)
Scoring Criteria
Each skill is scored across 5 dimensions. The weighted total determines the star rating.
Star Rating Scale
Why This Score?
All dimensions scored above 60. This skill passed the safety baseline.