Set up and use 1Password CLI for sign-in, desktop integration, and reading or injecting secrets.
Auto Review closeout. Codex review is the default when no engine is set and is the recommended reviewer.
Run, watch, debug, and summarize OpenClaw full release CI, release checks, live provider gates, install/update proofs, and release-secret preflights.
Prepare or verify OpenClaw stable/beta releases, changelogs, release notes, publish commands, and artifacts.
Triage, redact, clean up, and resolve OpenClaw GitHub Secret Scanning alerts in issues or PRs.
Use immediately for any pasted OpenClaw GitHub issue or PR URL/number, and for OpenClaw issue/PR review, triage, duplicate search, opener identity/who wrote it, author account age/activity, comments, labels, close, land, or maintainer evidence checks.
Use when controlling web pages with the OpenClaw browser tool, especially multi-step flows, login checks, tab management, or recovery from stale refs/timeouts.
| name | 1password |
| description | Set up and use 1Password CLI for sign-in, desktop integration, and reading or injecting secrets. |
| homepage | https://developer.1password.com/docs/cli/get-started/ |
| metadata | {"openclaw":{"emoji":"🔐","requires":{"bins":["op"]},"install":[{"id":"brew","kind":"brew","formula":"1password-cli","bins":["op"],"label":"Install 1Password CLI (brew)"}]}} |
Follow the official CLI get-started steps. Don't guess install commands.
references/get-started.md (install + app integration + sign-in flow)references/cli-examples.md (real op examples)op --version.op commands (no direct op calls outside tmux).op signin (expect app prompt).op whoami (must succeed before any secret read).--account or OP_ACCOUNT.The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.
Example (see tmux skill for socket conventions, do not reuse old session names):
SOCKET_DIR="${OPENCLAW_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/openclaw-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/openclaw-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"
tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"
op run / op inject over writing secrets to disk.op account add.op signin inside tmux and authorize in the app.op outside tmux; stop and ask if tmux is unavailable.