{
  "schemaVersion": "1.0",
  "item": {
    "slug": "1password-sa",
    "name": "1Password Service Account",
    "source": "tencent",
    "type": "skill",
    "category": "其他",
    "sourceUrl": "https://clawhub.ai/in-liberty420/1password-sa",
    "canonicalUrl": "https://clawhub.ai/in-liberty420/1password-sa",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/1password-sa",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=1password-sa",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "SKILL.md",
      "references/cli-examples.md",
      "references/get-started.md",
      "references/troubleshooting.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "slug": "1password-sa",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-24T20:32:47.414Z",
      "expiresAt": "2026-05-01T20:32:47.414Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=1password-sa",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=1password-sa",
        "contentDisposition": "attachment; filename=\"1password-sa-1.0.2.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "1password-sa"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/1password-sa"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/1password-sa",
    "agentPageUrl": "https://openagent3.xyz/skills/1password-sa/agent",
    "manifestUrl": "https://openagent3.xyz/skills/1password-sa/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/1password-sa/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "1Password CLI (Hardened)",
        "body": "Secure secret access via 1Password CLI (op) for OpenClaw agents. Service accounts are the canonical approach."
      },
      {
        "title": "References",
        "body": "references/get-started.md — install + baseline setup\nreferences/cli-examples.md — safe command patterns\nreferences/troubleshooting.md — failure/recovery runbook"
      },
      {
        "title": "Security Rules (must follow)",
        "body": "Prefer op run over all alternatives for secret injection.\nNever enable shell tracing around secret commands (set -x, bash -x).\nNever print secrets to stdout/logs (echo, cat on secret values/files). printf piped directly to stdin of another command (e.g., printf ... | curl -H @-) is acceptable when the output never reaches a log or terminal.\nNever dump environment inside/after secret-bearing runs (env, printenv, set).\nNever pass secrets as CLI args (arguments can appear in process lists).\nNever pipe secret output to logs/files (tee, >, >>) unless explicitly writing a protected temporary file for op inject.\nNever pipe op read output into logging pipelines.\nUse op inject only with locked-down temp files: umask 077, chmod 600, trap cleanup.\nNever include secret values in chat, tool output, or agent responses. If a command outputs a secret, do not echo or reference its value."
      },
      {
        "title": "Banned Flags/Patterns",
        "body": "--no-masking — never use in agent workflows. Masking redacts accidental secret output and must stay on.\n--reveal — never use in routine workflows. Outputs field values in cleartext.\nop signin --raw — outputs raw session token to stdout.\nBare op read — never run without capturing into a variable. It prints secrets to stdout.\nset -x — never enable around any op command.\ncurl -v — verbose mode logs auth headers. Use curl -sSf instead.\nscript / terminal recorders — session recording captures all secret output."
      },
      {
        "title": "Untrusted Input",
        "body": "Never interpolate user-provided or external text into shell commands without strict quoting.\nAlways use -- to separate op flags from command arguments.\nVault/item/field names from untrusted sources must be validated (alphanumeric, hyphens, underscores, and spaces only).\nNever use eval, backtick substitution, or string-built shell commands with secret references.\nIf an item name looks suspicious (contains $, backticks, semicolons, or pipes), stop and verify with the user.\n\nSafe dynamic input template:\n\nVAULT=\"my-vault\"\nITEM=\"my-item\"\n\n# Validate: reject names with dangerous characters\nfor NAME in \"$VAULT\" \"$ITEM\"; do\n  if ! LC_ALL=C [[ \"$NAME\" =~ ^[a-zA-Z0-9\\ _-]+$ ]]; then\n    echo \"ERROR: invalid vault/item name: $NAME\" >&2; exit 1\n  fi\ndone\n\nVALUE=\"$(op read \"op://${VAULT}/${ITEM}/password\")\"\n# use $VALUE, then:\nunset VALUE\n\nAlways double-quote variable expansions. Never build op:// references from untrusted input without validation. Reject names containing /, $, backticks, semicolons, pipes, or other shell metacharacters."
      },
      {
        "title": ".env.tpl Security",
        "body": "Treat as code: verify ownership, review changes, restrict permissions (chmod 600).\nDo not accept .env.tpl files from untrusted sources.\nDo not commit to public repos — references reveal vault/item structure.\nAdd to .gitignore if in a repo.\nAfter creating/editing: chmod 600 .env.tpl\nOnly define expected variable names — reject templates containing dangerous env vars (PATH, LD_PRELOAD, BASH_ENV, NODE_OPTIONS, etc.)."
      },
      {
        "title": "Service Account Workflow (Primary)",
        "body": "Service accounts are the default for agents. No interactive auth needed."
      },
      {
        "title": "1) Load and scope token",
        "body": "Load the token from your platform's secure store:\n\n# macOS Keychain:\n#   security find-generic-password -a <account> -s OP_SERVICE_ACCOUNT_TOKEN -w\n# Linux (GNOME Keyring / libsecret):\n#   secret-tool lookup service OP_SERVICE_ACCOUNT_TOKEN\n# Last resort (interactive prompt, not automatable):\n#   read -rs OP_SERVICE_ACCOUNT_TOKEN\n\nOP_SERVICE_ACCOUNT_TOKEN=\"$(__REPLACE_WITH_SECURE_STORE_COMMAND__)\"\n[ -z \"$OP_SERVICE_ACCOUNT_TOKEN\" ] && { echo \"ERROR: token retrieval failed\" >&2; exit 1; }\n\nPreferred: single-command scope (the token is exported only to that one process, never into the shell's environment):\n\nOP_SERVICE_ACCOUNT_TOKEN=\"$OP_SERVICE_ACCOUNT_TOKEN\" \\\n  op run --env-file=.env.tpl -- <command>\nunset OP_SERVICE_ACCOUNT_TOKEN\n\nIf multiple commands needed: export briefly with trap cleanup:\n\nexport OP_SERVICE_ACCOUNT_TOKEN\ntrap 'unset OP_SERVICE_ACCOUNT_TOKEN' EXIT\nop run --env-file=.env.tpl -- <command-1>\nop run --env-file=.env.tpl -- <command-2>\nunset OP_SERVICE_ACCOUNT_TOKEN"
      },
      {
        "title": "2) Use .env.tpl + op run (preferred)",
        "body": "Create .env.tpl with 1Password references (not raw secrets):\n\nAPI_KEY=op://my-vault/my-item/api-key\nDB_PASSWORD=op://my-vault/my-item/password\n\nRun:\n\nop run --env-file=.env.tpl -- <command>\n\nMasking is on by default and must stay on. Note: masking is defense-in-depth, not primary protection — transformed or partial secrets may evade redaction. The primary defense is never outputting secrets."
      },
      {
        "title": "3) One-off fallback: op read",
        "body": "Use only when op run doesn't fit. Use a subshell for automatic cleanup:\n\n(\n  trap 'unset VALUE' EXIT\n  VALUE=\"$(op read 'op://my-vault/my-item/field')\"\n  # use $VALUE here — auto-cleaned on exit\n)\n\nFor API calls, prefer op run with a wrapper script to avoid sh -c:\n\n#!/usr/bin/env bash\n# api-call.sh (chmod +x) — the shebang must be the first line of the file\nset -euo pipefail\nprintf \"Authorization: Bearer %s\\n\" \"$API_TOKEN\" | curl -sSf -H @- https://api.example.com/resource\n\nop run --env-file=.env.tpl -- ./api-call.sh"
      },
      {
        "title": "4) Diagnostics",
        "body": "All diagnostic output contains metadata (account emails, vault names, item IDs, URLs) that should be treated as sensitive in logged/recorded agent sessions.\n\nop whoami\nop vault list --format json"
      },
      {
        "title": "5) Service account lifecycle",
        "body": "Scope is policy-driven: read-only vs read-write depends on configuration and vault permissions.\nIf access fails: verify vault grants and item permissions.\nIf token expired/revoked: regenerate in 1Password admin, update secure store, retry.\nLimitation: service accounts may not support item creation depending on org policy."
      },
      {
        "title": "op inject (restricted use)",
        "body": "Use only when a file must be materialized temporarily:\n\nset -euo pipefail\nset +x\numask 077\n\nTMP_FILE=\"$(mktemp)\"\ncleanup() { rm -f \"$TMP_FILE\"; }\ntrap cleanup EXIT ERR INT TERM HUP QUIT\n\nop inject -i config.tpl -o \"$TMP_FILE\"\nchmod 600 \"$TMP_FILE\"\n\n# use \"$TMP_FILE\" briefly, then auto-cleanup via trap\n\nNever persist injected secret files beyond immediate use."
      }
    ],
    "body": "1Password CLI (Hardened)\n\nSecure secret access via 1Password CLI (op) for OpenClaw agents. Service accounts are the canonical approach.\n\nReferences\nreferences/get-started.md — install + baseline setup\nreferences/cli-examples.md — safe command patterns\nreferences/troubleshooting.md — failure/recovery runbook\nSecurity Rules (must follow)\nPrefer op run over all alternatives for secret injection.\nNever enable shell tracing around secret commands (set -x, bash -x).\nNever print secrets to stdout/logs (echo, cat on secret values/files). printf piped directly to stdin of another command (e.g., printf ... | curl -H @-) is acceptable when the output never reaches a log or terminal.\nNever dump environment inside/after secret-bearing runs (env, printenv, set).\nNever pass secrets as CLI args (arguments can appear in process lists).\nNever pipe secret output to logs/files (tee, >, >>) unless explicitly writing a protected temporary file for op inject.\nNever pipe op read output into logging pipelines.\nUse op inject only with locked-down temp files: umask 077, chmod 600, trap cleanup.\nNever include secret values in chat, tool output, or agent responses. If a command outputs a secret, do not echo or reference its value.\nBanned Flags/Patterns\n--no-masking — never use in agent workflows. Masking redacts accidental secret output and must stay on.\n--reveal — never use in routine workflows. Outputs field values in cleartext.\nop signin --raw — outputs raw session token to stdout.\nBare op read — never run without capturing into a variable. It prints secrets to stdout.\nset -x — never enable around any op command.\ncurl -v — verbose mode logs auth headers. Use curl -sSf instead.\nscript / terminal recorders — session recording captures all secret output.\nUntrusted Input\nNever interpolate user-provided or external text into shell commands without strict quoting.\nAlways use -- to separate op flags from command arguments.\nVault/item/field names from untrusted sources must be validated (alphanumeric, hyphens, underscores, and spaces only).\nNever use eval, backtick substitution, or string-built shell commands with secret references.\nIf an item name looks suspicious (contains $, backticks, semicolons, or pipes), stop and verify with the user.\n\nSafe dynamic input template:\n\nVAULT=\"my-vault\"\nITEM=\"my-item\"\n\n# Validate: reject names with dangerous characters\nfor NAME in \"$VAULT\" \"$ITEM\"; do\n  if ! LC_ALL=C [[ \"$NAME\" =~ ^[a-zA-Z0-9\\ _-]+$ ]]; then\n    echo \"ERROR: invalid vault/item name: $NAME\" >&2; exit 1\n  fi\ndone\n\nVALUE=\"$(op read \"op://${VAULT}/${ITEM}/password\")\"\n# use $VALUE, then:\nunset VALUE\n\n\nAlways double-quote variable expansions. Never build op:// references from untrusted input without validation. Reject names containing /, $, backticks, semicolons, pipes, or other shell metacharacters.\n\n.env.tpl Security\nTreat as code: verify ownership, review changes, restrict permissions (chmod 600).\nDo not accept .env.tpl files from untrusted sources.\nDo not commit to public repos — references reveal vault/item structure.\nAdd to .gitignore if in a repo.\nAfter creating/editing: chmod 600 .env.tpl\nOnly define expected variable names — reject templates containing dangerous env vars (PATH, LD_PRELOAD, BASH_ENV, NODE_OPTIONS, etc.).\nService Account Workflow (Primary)\n\nService accounts are the default for agents. No interactive auth needed.\n\n1) Load and scope token\n\nLoad the token from your platform's secure store:\n\n# macOS Keychain:\n#   security find-generic-password -a <account> -s OP_SERVICE_ACCOUNT_TOKEN -w\n# Linux (GNOME Keyring / libsecret):\n#   secret-tool lookup service OP_SERVICE_ACCOUNT_TOKEN\n# Last resort (interactive prompt, not automatable):\n#   read -rs OP_SERVICE_ACCOUNT_TOKEN\n\nOP_SERVICE_ACCOUNT_TOKEN=\"$(__REPLACE_WITH_SECURE_STORE_COMMAND__)\"\n[ -z \"$OP_SERVICE_ACCOUNT_TOKEN\" ] && { echo \"ERROR: token retrieval failed\" >&2; exit 1; }\n\n\nPreferred: single-command scope (the token is exported only to that one process, never into the shell's environment):\n\nOP_SERVICE_ACCOUNT_TOKEN=\"$OP_SERVICE_ACCOUNT_TOKEN\" \\\n  op run --env-file=.env.tpl -- <command>\nunset OP_SERVICE_ACCOUNT_TOKEN\n\n\nIf multiple commands needed: export briefly with trap cleanup:\n\nexport OP_SERVICE_ACCOUNT_TOKEN\ntrap 'unset OP_SERVICE_ACCOUNT_TOKEN' EXIT\nop run --env-file=.env.tpl -- <command-1>\nop run --env-file=.env.tpl -- <command-2>\nunset OP_SERVICE_ACCOUNT_TOKEN\n\n2) Use .env.tpl + op run (preferred)\n\nCreate .env.tpl with 1Password references (not raw secrets):\n\nAPI_KEY=op://my-vault/my-item/api-key\nDB_PASSWORD=op://my-vault/my-item/password\n\n\nRun:\n\nop run --env-file=.env.tpl -- <command>\n\n\nMasking is on by default and must stay on. Note: masking is defense-in-depth, not primary protection — transformed or partial secrets may evade redaction. The primary defense is never outputting secrets.\n\n3) One-off fallback: op read\n\nUse only when op run doesn't fit. Use a subshell for automatic cleanup:\n\n(\n  trap 'unset VALUE' EXIT\n  VALUE=\"$(op read 'op://my-vault/my-item/field')\"\n  # use $VALUE here — auto-cleaned on exit\n)\n\n\nFor API calls, prefer op run with a wrapper script to avoid sh -c:\n\n#!/usr/bin/env bash\n# api-call.sh (chmod +x) — the shebang must be the first line of the file\nset -euo pipefail\nprintf \"Authorization: Bearer %s\\n\" \"$API_TOKEN\" | curl -sSf -H @- https://api.example.com/resource\n\nop run --env-file=.env.tpl -- ./api-call.sh\n\n4) Diagnostics\n\nAll diagnostic output contains metadata (account emails, vault names, item IDs, URLs) that should be treated as sensitive in logged/recorded agent sessions.\n\nop whoami\nop vault list --format json\n\n5) Service account lifecycle\nScope is policy-driven: read-only vs read-write depends on configuration and vault permissions.\nIf access fails: verify vault grants and item permissions.\nIf token expired/revoked: regenerate in 1Password admin, update secure store, retry.\nLimitation: service accounts may not support item creation depending on org policy.\nop inject (restricted use)\n\nUse only when a file must be materialized temporarily:\n\nset -euo pipefail\nset +x\numask 077\n\nTMP_FILE=\"$(mktemp)\"\ncleanup() { rm -f \"$TMP_FILE\"; }\ntrap cleanup EXIT ERR INT TERM HUP QUIT\n\nop inject -i config.tpl -o \"$TMP_FILE\"\nchmod 600 \"$TMP_FILE\"\n\n# use \"$TMP_FILE\" briefly, then auto-cleanup via trap\n\n\nNever persist injected secret files beyond immediate use."
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/in-liberty420/1password-sa",
    "publisherUrl": "https://clawhub.ai/in-liberty420/1password-sa",
    "owner": "in-liberty420",
    "version": "1.0.2",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/1password-sa",
    "downloadUrl": "https://openagent3.xyz/downloads/1password-sa",
    "agentUrl": "https://openagent3.xyz/skills/1password-sa/agent",
    "manifestUrl": "https://openagent3.xyz/skills/1password-sa/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/1password-sa/agent.md"
  }
}