菜单
Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in, and reading/injecting secrets for commands.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Deploy a Worker live, no account, via wrangler --temporary.
Drive the user's desktop in the background — clicking, typing, scrolling, dragging — without stealing the cursor, keyboard focus, or switching virtual desktops / Spaces. Cross-platform: macOS, Windows, Linux. Works with any tool-capable model. Load this skill whenever the `computer_use` tool is available.
Configure, extend, or contribute to Hermes Agent.
Plan, set up, and monitor a multi-agent video production pipeline backed by Hermes Kanban. Use when the user wants to make ANY video — narrative film, product/marketing, music video, explainer, ASCII/terminal art, abstract/generative loop, comic, 3D, real-time/installation — and the work warrants decomposition into specialized profiles (writer, designer, animator, renderer, voice, editor, etc.) coordinated through a kanban board. Performs adaptive discovery to scope the brief, designs an appropriate team for the requested style, generates the setup script that creates Hermes profiles + initial kanban task, then helps monitor execution and intervene when tasks stall or fail. Routes scenes to whichever Hermes rendering / audio / design skill fits each beat (`ascii-video`, `manim-video`, `p5js`, `comfyui`, `touchdesigner-mcp`, `blender-mcp`, `pixel-art`, `baoyu-comic`, `claude-design`, `excalidraw`, `songsee`, `heartmula`, …) plus external APIs for TTS, image-gen, and image-to-video as needed.
Operate the Antigravity CLI (agy): plugins, auth, sandbox.
Author in-repo SKILL.md: frontmatter, validator, structure, and writing-quality principles.
| name | 1password |
| description | Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in, and reading/injecting secrets for commands. |
| version | 1.0.0 |
| author | arceus77-7, enhanced by Hermes Agent |
| license | MIT |
| platforms | ["linux","macos","windows"] |
| metadata | {"hermes":{"tags":["security","secrets","1password","op","cli"],"category":"security"}} |
| setup | {"help":"Create a service account at https://my.1password.com → Settings → Service Accounts","collect_secrets":[{"env_var":"OP_SERVICE_ACCOUNT_TOKEN","prompt":"1Password Service Account Token","provider_url":"https://developer.1password.com/docs/service-accounts/","secret":true}]} |
Use this skill when the user wants secrets managed through 1Password instead of plaintext env vars or files.
op) installedOP_SERVICE_ACCOUNT_TOKEN), or Connect servertmux available for stable authenticated sessions during Hermes terminal calls (desktop app flow only)op signinop://Vault/Item/fieldop injectop runSet OP_SERVICE_ACCOUNT_TOKEN in ${HERMES_HOME:-~/.hermes}/.env (the skill will prompt for this on first load).
No desktop app needed. Supports op read, op inject, op run.
export OP_SERVICE_ACCOUNT_TOKEN="your-token-here"
op whoami # verify — should show Type: SERVICE_ACCOUNT
op signin and approve the biometric promptexport OP_CONNECT_HOST="http://localhost:8080"
export OP_CONNECT_TOKEN="your-connect-token"
# macOS
brew install 1password-cli
# Linux (official package/install docs)
# See references/get-started.md for distro-specific links.
# Windows (winget)
winget install AgileBits.1Password.CLI
op --version
Hermes terminal commands are non-interactive by default and can lose auth context between calls.
For reliable op use with desktop app integration, run sign-in and secret operations inside a dedicated tmux session.
Note: This is NOT needed when using OP_SERVICE_ACCOUNT_TOKEN — the token persists across terminal calls automatically.
SOCKET_DIR="${TMPDIR:-/tmp}/hermes-tmux-sockets"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/hermes-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"
tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
# Sign in (approve in desktop app when prompted)
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "eval \"\$(op signin --account my.1password.com)\"" Enter
# Verify auth
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
# Example read
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op read 'op://Private/Npmjs/one-time password?attribute=otp'" Enter
# Capture output when needed
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
# Cleanup
tmux -S "$SOCKET" kill-session -t "$SESSION"
op read "op://app-prod/db/password"
op read "op://app-prod/npm/one-time password?attribute=otp"
echo "db_password: {{ op://app-prod/db/password }}" | op inject
export DB_PASSWORD="op://app-prod/db/password"
op run -- sh -c '[ -n "$DB_PASSWORD" ] && echo "DB_PASSWORD is set" || echo "DB_PASSWORD missing"'
op run / op inject instead of writing secrets into files.op signin again in the same tmux session.For non-interactive use, authenticate with OP_SERVICE_ACCOUNT_TOKEN and avoid interactive op signin.
Service accounts require CLI v2.18.0+.
references/get-started.mdreferences/cli-examples.md