Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Add this skill
npx mdskills install openclaw/openclawComprehensive 1Password CLI skill with strong tmux isolation and clear security guardrails
1---2name: 1password3description: Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.4homepage: https://developer.1password.com/docs/cli/get-started/5metadata:6 {7 "openclaw":8 {9 "emoji": "🔐",10 "requires": { "bins": ["op"] },11 "install":12 [13 {14 "id": "brew",15 "kind": "brew",16 "formula": "1password-cli",17 "bins": ["op"],18 "label": "Install 1Password CLI (brew)",19 },20 ],21 },22 }23---2425# 1Password CLI2627Follow the official CLI get-started steps. Don't guess install commands.2829## References3031- `references/get-started.md` (install + app integration + sign-in flow)32- `references/cli-examples.md` (real `op` examples)3334## Workflow35361. Check OS + shell.372. Verify CLI present: `op --version`.383. Confirm desktop app integration is enabled (per get-started) and the app is unlocked.394. REQUIRED: create a fresh tmux session for all `op` commands (no direct `op` calls outside tmux).405. Sign in / authorize inside tmux: `op signin` (expect app prompt).416. Verify access inside tmux: `op whoami` (must succeed before any secret read).427. If multiple accounts: use `--account` or `OP_ACCOUNT`.4344## REQUIRED tmux session (T-Max)4546The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run `op` inside a dedicated tmux session with a fresh socket/session name.4748Example (see `tmux` skill for socket conventions, do not reuse old session names):4950```bash51SOCKET_DIR="${OPENCLAW_TMUX_SOCKET_DIR:-${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}}"52mkdir -p "$SOCKET_DIR"53SOCKET="$SOCKET_DIR/openclaw-op.sock"54SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"5556tmux -S "$SOCKET" new -d -s "$SESSION" -n shell57tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter58tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter59tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter60tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -20061tmux -S "$SOCKET" kill-session -t "$SESSION"62```6364## Guardrails6566- Never paste secrets into logs, chat, or code.67- Prefer `op run` / `op inject` over writing secrets to disk.68- If sign-in without app integration is needed, use `op account add`.69- If a command returns "account is not signed in", re-run `op signin` inside tmux and authorize in the app.70- Do not run `op` outside tmux; stop and ask if tmux is unavailable.71
Full transparency — inspect the skill content before installing.