1passwordSet up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Install via ClawdBot CLI:
clawdbot install steipete/1passwordInstall 1Password CLI (brew):
brew install 1password-cliRequires:
Follow the official CLI get-started steps. Don't guess install commands.
references/get-started.md (install + app integration + sign-in flow)references/cli-examples.md (real op examples)op --version.op commands (no direct op calls outside tmux).op signin (expect app prompt).op whoami (must succeed before any secret read).--account or OP_ACCOUNT.The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.
Example (see tmux skill for socket conventions, do not reuse old session names):
SOCKET_DIR="${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/clawdbot-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/clawdbot-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"
tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"op run / op inject over writing secrets to disk.op account add.op signin inside tmux and authorize in the app.op outside tmux; stop and ask if tmux is unavailable.Generated Mar 1, 2026
Development teams use the 1Password CLI to inject API keys and database credentials directly into CI/CD scripts without exposing them in logs or environment files. This ensures secrets are managed securely during automated builds and deployments, reducing the risk of leaks.
System administrators leverage the CLI to fetch SSH keys and cloud access tokens within tmux sessions to provision servers and configure infrastructure as code tools like Terraform. This automates secure setup while maintaining audit trails through 1Password's logging.
Financial analysts use the CLI to retrieve encrypted credentials for accessing sensitive databases and APIs, ensuring compliance with regulations like GDPR or SOX by avoiding hardcoded secrets in scripts. The tmux requirement adds an extra layer of session isolation for audit purposes.
Healthcare developers integrate the CLI to run applications that require protected health information (PHI) credentials, using op inject to securely pass data without storing it on disk. This supports HIPAA compliance by minimizing exposure during testing and deployment phases.
1Password offers tiered subscriptions for teams and enterprises, charging per user with advanced features like audit logs and SSO integration. Revenue is generated through monthly or annual fees, scaling with organizational size and security needs.
The company monetizes the CLI and associated APIs by providing them as part of higher-tier plans or through separate developer licenses. This model targets tech teams needing automation capabilities, driving upsells from basic password management.
1Password partners with IT consultancies to offer custom integration services for deploying the CLI in complex environments, such as legacy systems or regulated industries. Revenue comes from project-based fees and ongoing support contracts.
💬 Integration Tip
Always use a fresh tmux session for op commands to prevent authentication prompts and ensure session isolation, as the CLI requires desktop app integration and a secure TTY environment.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...