全部技能 分类浏览
← 返回
安全合规 Key

Wip 1password Private

Headless plugin for 1Password secrets using service accounts, resolving op:// references, reading/writing secrets, and listing vault items via JS SDK.
基于服务账户的 1Password 无头插件,支持解析 op:// 引用、读写密钥及通过 JS SDK 列出保险库条目。
parkertoddbrooks
安全合规 clawhub v0.2.2 1 版本 100000 Key: 需要
★ 0
Stars
📥 662
下载
💾 5
安装
1
版本
#latest

概述

wip-1password

AI plugin (Claude Code, OpenClaw) for 1Password secrets. Uses the official JavaScript SDK with service accounts for fully headless operation... no desktop app, no biometrics, no popups.

When to Use This Skill

Use wip-1password for:

  • Resolving op:// secret references in config files at startup
  • Reading API keys, tokens, and credentials from 1Password at runtime
  • Storing new secrets in 1Password vaults
  • Listing available secrets in a vault

Do NOT Use For

  • Managing 1Password accounts or users (use the 1Password admin console)
  • Accessing built-in vaults (Shared, Employee, Private). Service accounts only work with custom vaults.
  • Repos that don't use OpenClaw (use the op CLI directly instead)

API Reference

OpenClaw Plugin (startup resolver)

Resolves op://vault/item/field strings in openclaw.json at boot. Values exist in memory only... never written to disk.

// In openclaw.json
"someService": {
  "apiKey": "op://Agent Secrets/Some Service/api key"
}

Agent Tools

op_read_secret({ item: "OpenAI API", vault: "Agent Secrets", field: "api key" })
op_list_items({ vault: "Agent Secrets" })
op_write_secret({ item: "New Key", value: "sk-...", vault: "Agent Secrets" })

Module

import { resolveSecretRefs } from "@wipcomputer/wip-1password";

const resolved = await resolveSecretRefs({
  apiKey: "op://Agent Secrets/OpenAI API/api key",
});

Setup

# 1. Save service account token
mkdir -p ~/.openclaw/secrets
echo "ops_..." > ~/.openclaw/secrets/op-sa-token
chmod 600 ~/.openclaw/secrets/op-sa-token

# 2. Enable in openclaw.json
# plugins.entries.op-secrets.enabled = true
# plugins.entries.op-secrets.config.defaultVault = "Agent Secrets"

# 3. Test
openclaw op-secrets test

Key Rules

  • Never call op bare. Always prefix with OP_SERVICE_ACCOUNT_TOKEN.
  • Never log secret values. Store in variables only.
  • Leave memorySearch.remote as {} ... the plugin sets process.env.OPENAI_API_KEY instead.
  • Service account token: Always at ~/.openclaw/secrets/op-sa-token.
  • Custom vaults only. Service accounts can't access built-in vaults.

版本历史

共 1 个版本

  • v0.2.2 当前
    2026-03-19 13:25 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

security-compliance

Skill Vetter

spclaudehome
AI智能体技能安全预审工具。安装ClawdHub、GitHub等来源技能前,检查风险信号、权限范围及可疑模式。
★ 1,210 📥 266,150
security-compliance

MoltGuard - Security & Antivirus & Guardrails

thomaslwang
MoltGuard — OpenClaw 安全守卫,由 OpenGuardrails 提供。安装 MoltGuard,保护您和您的用户免受提示注入、数据泄露和恶意攻击。
★ 116 📥 30,699
security-compliance

OpenClaw Backup

alex3alex
备份与恢复 OpenClaw 数据。适用于创建备份、设置自动备份计划、从备份恢复或管理备份轮转。处理 ~/.openclaw 目录归档并包含适当的排除规则。
★ 89 📥 30,586

Skill工具集 © 2026