# Send 1Password Service Account to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "1password-sa", "name": "1Password Service Account", "source": "tencent", "type": "skill", "category": "其他", "sourceUrl": "https://clawhub.ai/in-liberty420/1password-sa", "canonicalUrl": "https://clawhub.ai/in-liberty420/1password-sa", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/1password-sa", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=1password-sa", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "SKILL.md", "references/cli-examples.md", "references/get-started.md", "references/troubleshooting.md" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "slug": "1password-sa", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-24T20:32:47.414Z", "expiresAt": "2026-05-01T20:32:47.414Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=1password-sa", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=1password-sa", "contentDisposition": "attachment; filename=\"1password-sa-1.0.2.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "1password-sa" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/1password-sa" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/1password-sa", "downloadUrl": "https://openagent3.xyz/downloads/1password-sa", "agentUrl": "https://openagent3.xyz/skills/1password-sa/agent", "manifestUrl": "https://openagent3.xyz/skills/1password-sa/agent.json", "briefUrl": "https://openagent3.xyz/skills/1password-sa/agent.md" } } ``` ## Documentation ### 1Password CLI (Hardened) Secure secret access via 1Password CLI (op) for OpenClaw agents. Service accounts are the canonical approach. ### References references/get-started.md — install + baseline setup references/cli-examples.md — safe command patterns references/troubleshooting.md — failure/recovery runbook ### Security Rules (must follow) Prefer op run over all alternatives for secret injection. Never enable shell tracing around secret commands (set -x, bash -x). Never print secrets to stdout/logs (echo, cat on secret values/files). printf piped directly to stdin of another command (e.g., printf ... | curl -H @-) is acceptable when the output never reaches a log or terminal. Never dump environment inside/after secret-bearing runs (env, printenv, set). Never pass secrets as CLI args (arguments can appear in process lists). Never pipe secret output to logs/files (tee, >, >>) unless explicitly writing a protected temporary file for op inject. Never pipe op read output into logging pipelines. Use op inject only with locked-down temp files: umask 077, chmod 600, trap cleanup. Never include secret values in chat, tool output, or agent responses. If a command outputs a secret, do not echo or reference its value. ### Banned Flags/Patterns --no-masking — never use in agent workflows. Masking redacts accidental secret output and must stay on. --reveal — never use in routine workflows. Outputs field values in cleartext. op signin --raw — outputs raw session token to stdout. Bare op read — never run without capturing into a variable. It prints secrets to stdout. set -x — never enable around any op command. curl -v — verbose mode logs auth headers. Use curl -sSf instead. script / terminal recorders — session recording captures all secret output. ### Untrusted Input Never interpolate user-provided or external text into shell commands without strict quoting. Always use -- to separate op flags from command arguments. Vault/item/field names from untrusted sources must be validated (alphanumeric, hyphens, underscores, and spaces only). Never use eval, backtick substitution, or string-built shell commands with secret references. If an item name looks suspicious (contains $, backticks, semicolons, or pipes), stop and verify with the user. Safe dynamic input template: VAULT="my-vault" ITEM="my-item" # Validate: reject names with dangerous characters for NAME in "$VAULT" "$ITEM"; do if ! LC_ALL=C [[ "$NAME" =~ ^[a-zA-Z0-9\\ _-]+$ ]]; then echo "ERROR: invalid vault/item name: $NAME" >&2; exit 1 fi done VALUE="$(op read "op://${VAULT}/${ITEM}/password")" # use $VALUE, then: unset VALUE Always double-quote variable expansions. Never build op:// references from untrusted input without validation. Reject names containing /, $, backticks, semicolons, pipes, or other shell metacharacters. ### .env.tpl Security Treat as code: verify ownership, review changes, restrict permissions (chmod 600). Do not accept .env.tpl files from untrusted sources. Do not commit to public repos — references reveal vault/item structure. Add to .gitignore if in a repo. After creating/editing: chmod 600 .env.tpl Only define expected variable names — reject templates containing dangerous env vars (PATH, LD_PRELOAD, BASH_ENV, NODE_OPTIONS, etc.). ### Service Account Workflow (Primary) Service accounts are the default for agents. No interactive auth needed. ### 1) Load and scope token Load the token from your platform's secure store: # macOS Keychain: # security find-generic-password -a -s OP_SERVICE_ACCOUNT_TOKEN -w # Linux (GNOME Keyring / libsecret): # secret-tool lookup service OP_SERVICE_ACCOUNT_TOKEN # Last resort (interactive prompt, not automatable): # read -rs OP_SERVICE_ACCOUNT_TOKEN OP_SERVICE_ACCOUNT_TOKEN="$(__REPLACE_WITH_SECURE_STORE_COMMAND__)" [ -z "$OP_SERVICE_ACCOUNT_TOKEN" ] && { echo "ERROR: token retrieval failed" >&2; exit 1; } Preferred: single-command scope (token never persists in shell env): OP_SERVICE_ACCOUNT_TOKEN="$OP_SERVICE_ACCOUNT_TOKEN" \\ op run --env-file=.env.tpl -- unset OP_SERVICE_ACCOUNT_TOKEN If multiple commands needed: export briefly with trap cleanup: export OP_SERVICE_ACCOUNT_TOKEN trap 'unset OP_SERVICE_ACCOUNT_TOKEN' EXIT op run --env-file=.env.tpl -- op run --env-file=.env.tpl -- unset OP_SERVICE_ACCOUNT_TOKEN ### 2) Use .env.tpl + op run (preferred) Create .env.tpl with 1Password references (not raw secrets): API_KEY=op://my-vault/my-item/api-key DB_PASSWORD=op://my-vault/my-item/password Run: op run --env-file=.env.tpl -- Masking is on by default and must stay on. Note: masking is defense-in-depth, not primary protection — transformed or partial secrets may evade redaction. The primary defense is never outputting secrets. ### 3) One-off fallback: op read Use only when op run doesn't fit. Use a subshell for automatic cleanup: ( trap 'unset VALUE' EXIT VALUE="$(op read 'op://my-vault/my-item/field')" # use $VALUE here — auto-cleaned on exit ) For API calls, prefer op run with a wrapper script to avoid sh -c: # api-call.sh (chmod +x) #!/usr/bin/env bash set -euo pipefail printf "Authorization: Bearer %s\\n" "$API_TOKEN" | curl -sSf -H @- https://api.example.com/resource op run --env-file=.env.tpl -- ./api-call.sh ### 4) Diagnostics All diagnostic output contains metadata (account emails, vault names, item IDs, URLs) that should be treated as sensitive in logged/recorded agent sessions. op whoami op vault list --format json ### 5) Service account lifecycle Scope is policy-driven: read-only vs read-write depends on configuration and vault permissions. If access fails: verify vault grants and item permissions. If token expired/revoked: regenerate in 1Password admin, update secure store, retry. Limitation: service accounts may not support item creation depending on org policy. ### op inject (restricted use) Use only when a file must be materialized temporarily: set -euo pipefail set +x umask 077 TMP_FILE="$(mktemp)" cleanup() { rm -f "$TMP_FILE"; } trap cleanup EXIT ERR INT TERM HUP QUIT op inject -i config.tpl -o "$TMP_FILE" chmod 600 "$TMP_FILE" # use "$TMP_FILE" briefly, then auto-cleanup via trap Never persist injected secret files beyond immediate use. ## Trust - Source: tencent - Verification: Indexed source record - Publisher: in-liberty420 - Version: 1.0.2 ## Source health - Status: healthy - Item download looks usable. - Yavira can redirect you to the upstream package for this item. - Health scope: item - Reason: direct_download_ok - Checked at: 2026-04-24T20:32:47.414Z - Expires at: 2026-05-01T20:32:47.414Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/1password-sa) - [Send to Agent page](https://openagent3.xyz/skills/1password-sa/agent) - [JSON manifest](https://openagent3.xyz/skills/1password-sa/agent.json) - [Markdown brief](https://openagent3.xyz/skills/1password-sa/agent.md) - [Download page](https://openagent3.xyz/downloads/1password-sa)