1password-ui1Password UI tab for OpenClaw dashboard. Manage secrets, credential mappings, and auth state from the Control UI.
Install via ClawdBot CLI:
clawdbot install maverick-software/1password-uiAdds a 1Password tab to the OpenClaw Control dashboard under the Tools group. Browse vaults, manage credential mappings for skills, and handle authentication β all from the web UI.
| Feature | Description |
|---------|-------------|
| Dashboard Tab | "1Password" under Tools in sidebar |
| Connection Status | See signed-in account, CLI/Connect mode |
| Sign In Flow | Authenticate directly from the UI |
| Docker Support | Works with 1Password Connect for containers |
| Credential Mappings | Map 1Password items to skill configs |
To install this skill, give your agent this prompt:
Install the 1password-ui skill from ClawHub.
The skill is at: ~/clawd/skills/1password-ui/
Follow INSTALL_INSTRUCTIONS.md step by step.
Summary of changes needed:
1. Copy 1password-backend.ts to src/gateway/server-methods/1password.ts
2. Register handlers in server-methods.ts
3. Add "1password" tab to navigation.ts (TAB_GROUPS, Tab type, TAB_PATHS, icon, title, subtitle)
4. Add state variables to app.ts
5. Copy 1password-views.ts to ui/src/ui/views/1password.ts
6. Add view rendering to app-render.ts
7. Add tab loading to app-settings.ts
8. Build and restart: pnpm build && pnpm ui:build && clawdbot gateway restartop):
# macOS/Linux
brew install 1password-cli
# Or from https://1password.com/downloads/command-line/See Docker Setup below.
op signin in terminal)Once signed in, you can map 1Password items to skills:
~/clawd/config/1password-mappings.json{ "skillId": { "item": "Item Name", "vault": "Private", "fields": {...} } }# Store Pipedream credentials in 1Password
op item create --category="API Credential" --title="Pipedream Connect" \
--vault="Private" \
"client_id[text]=your_client_id" \
"client_secret[password]=your_client_secret" \
"project_id[text]=proj_xxxxx"
# Use in token refresh
PIPEDREAM_1PASSWORD_ITEM="Pipedream Connect" python3 ~/clawd/scripts/pipedream-token-refresh.py| Method | Description |
|--------|-------------|
| 1password.status | Get CLI/Connect status, signed-in account |
| 1password.signin | Trigger sign-in flow |
| 1password.signout | Sign out of current session |
| 1password.vaults | List available vaults |
| 1password.items | List items in a vault |
| 1password.getItem | Get item field structure (not values) |
| 1password.readSecret | Read a secret (backend only) |
| 1password.mappings.list | Get skill β 1Password mappings |
| 1password.mappings.set | Create/update a mapping |
| 1password.mappings.delete | Remove a mapping |
| 1password.mappings.test | Test if a mapping works |
For Docker-based OpenClaw installations, use 1Password Connect instead of the CLI.
# docker-compose.yml
services:
op-connect-api:
image: 1password/connect-api:latest
ports:
- "8080:8080"
volumes:
- ./1password-credentials.json:/home/opuser/.op/1password-credentials.json:ro
- op-data:/home/opuser/.op/data
op-connect-sync:
image: 1password/connect-sync:latest
volumes:
- ./1password-credentials.json:/home/opuser/.op/1password-credentials.json:ro
- op-data:/home/opuser/.op/data
volumes:
op-data:1password-credentials.jsonservices:
clawdbot:
environment:
- OP_CONNECT_HOST=http://op-connect-api:8080
- OP_CONNECT_TOKEN=your-access-tokenThe UI automatically detects Connect mode.
1password-ui/
βββ SKILL.md # This file
βββ INSTALL_INSTRUCTIONS.md # Step-by-step installation
βββ CHANGELOG.md # Version history
βββ package.json # Skill metadata
βββ reference/
β βββ 1password-backend.ts # Gateway RPC handlers
β βββ 1password-views.ts # UI view (Lit template)
β βββ 1password-settings.ts # Tab loading logic
β βββ 1password-plugin.ts # Plugin registration (optional)
βββ scripts/
βββ op-helper.py # CLI/Connect bridge for skills| Aspect | Implementation |
|--------|----------------|
| Secrets not in UI | getItem and items return field names only, never values |
| No network installers | No curl \| sh or remote scripts β all code is local |
| Manual installation | Requires explicit code edits, no automated patching |
| Mapping file perms | 1password-mappings.json should be 0600 (contains references, not secrets) |
| CLI auth | Uses 1Password app integration for biometric auth when available |
| Risk | Mitigation |
|------|------------|
| readSecret RPC available | The 1password.readSecret method IS exposed via gateway RPC. This is intentional β skills need to read secrets. Security relies on: (1) 1Password requiring user auth, (2) gateway access control (loopback-only by default). |
| Gateway exposure | All 1password.* methods are RPC calls. If you expose your gateway to the network, protect it with authentication. |
| Connect token | In Docker mode, OP_CONNECT_TOKEN grants vault access. Keep it secure like any API key. |
# Recommended permissions for mapping file
chmod 600 ~/clawd/config/1password-mappings.jsonbrew install 1password-cli
# or download from 1password.com/downloads/command-line/op signin
op whoami # verifydocker ps | grep op-connect # check containers runningOP_CONNECT_TOKEN is set correctlyAI Usage Analysis
Analysis is being generated⦠refresh in a few seconds.
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading/injecting/running secrets via op.
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
Use when reviewing code for security vulnerabilities, implementing authentication flows, auditing OWASP Top 10, configuring CORS/CSP headers, handling secrets, input validation, SQL injection prevention, XSS protection, or any security-related code review.
Security check for ClawHub skills powered by Koi. Query the Clawdex API before installing any skill to verify it's safe.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.