Trusted — Risk Score 5/100
Last scan: 1 day ago
wip-1password
OpenClaw plugin for 1Password secrets via JS SDK
This is a legitimate 1Password secrets management plugin using the official SDK and documented MCP protocol. All behaviors are clearly declared in documentation with no hidden functionality.
Skill Name: wip-1password
Duration: 38.5s
Engine: pi
Safe to install
Approve for use. The skill is a standard credential management tool with proper security practices (official SDK, secret redaction, no exfiltration).
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | src/index.ts:22 reads from ~/.openclaw/secrets/op-sa-token |
| Network | READ | READ | ✓ Aligned | src/index.ts:35-39 creates 1Password SDK client connecting to 1Password cloud AP… |
| Shell | WRITE | WRITE | ✓ Aligned | mcp-server.mjs:29-33 uses execSync to invoke 'op' CLI commands; declared in file… |
| Environment | WRITE | WRITE | ✓ Aligned | src/index.ts:200-206 sets process.env.OPENAI_API_KEY; documented in SKILL.md Key… |
| Skill Invoke | WRITE | WRITE | ✓ Aligned | src/index.ts:86-182 registers op_read_secret, op_list_items, op_write_secret too… |
5 findings
Medium External URL
https://img.shields.io/badge/interface-Module-black
README.md:3
Medium External URL
https://img.shields.io/badge/interface-MCP_Server-black
README.md:3
Medium External URL
https://img.shields.io/badge/interface-OpenClaw_Plugin-black
README.md:3
Medium External URL
https://img.shields.io/badge/interface-Skill-black
README.md:3
Medium External URL
https://img.shields.io/badge/Universal_Interface_Spec-black?style=flat&color=black
README.md:3

File Tree

21 files · 105.1 KB · 3095 lines
Markdown 16f · 2396L TypeScript 1f · 497L JavaScript 1f · 122L JSON 3f · 80L
├─ 📁 _trash
│  ├─ 📝 RELEASE-NOTES-v0-2-0.md Markdown 35L · 1.4 KB
│  └─ 📝 RELEASE-NOTES-v0-2-2.md Markdown 99L · 4.6 KB
├─ 📁 ai
│  ├─ 📁 _trash
│  │  └─ 📝 README--before-format--2026-03-12.md Markdown 387L · 13.5 KB
│  ├─ 📁 dev-updates
│  │  ├─ 📝 2026-03-11--cc-mini--full-treatment.md Markdown 23L · 1.1 KB
│  │  └─ 📝 2026-03-11--cc-mini--readme-overhaul.md Markdown 49L · 2.4 KB
│  └─ 📁 todos
│     └─ 📝 PUNCHLIST.md Markdown 3L · 34 B
├─ 📁 docs
│  ├─ 📝 DEVELOPMENT.md Markdown 473L · 12.0 KB
│  ├─ 📝 HANDOFF.md Markdown 108L · 4.0 KB
│  ├─ 📝 PRD.md Markdown 138L · 6.8 KB
│  └─ 📝 SETUP.md Markdown 303L · 8.1 KB
├─ 📁 skills
│  └─ 📁 op-secrets
│     └─ 📝 SKILL.md Markdown 48L · 1.6 KB
├─ 📁 src
│  └─ 📜 index.ts TypeScript 497L · 16.7 KB
├─ 📝 CHANGELOG.md Markdown 148L · 6.1 KB
├─ 📝 CLA.md Markdown 19L · 1.2 KB
├─ 📜 mcp-server.mjs JavaScript 122L · 3.8 KB
├─ 📋 openclaw.plugin.json JSON 25L · 629 B
├─ 📋 package.json JSON 41L · 869 B
├─ 📝 README.md Markdown 77L · 3.4 KB
├─ 📝 SKILL.md Markdown 104L · 3.1 KB
├─ 📝 TECHNICAL.md Markdown 382L · 13.6 KB
└─ 📋 tsconfig.json JSON 14L · 279 B

Dependencies 2 items

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| @1password/sdk | ^0.3.1 | npm | No | Official 1Password SDK, minor version pinned |
| @modelcontextprotocol/sdk | ^1.27.1 | npm | No | Official MCP SDK, minor version pinned |

Security Positives

✓ Uses official @1password/sdk (^0.3.1) - not rolling own crypto
✓ All capabilities are clearly documented in SKILL.md with tool descriptions and parameter schemas
✓ Secret values are redacted in CLI output via redact() helper function
✓ Token file permissions are enforced via chmod 600 (documented in setup instructions)
✓ SDK validates token format (must start with 'ops_') before use
✓ Service account tokens are scoped to specific vaults - cannot access built-in vaults
✓ No network exfiltration: secrets stay in memory only (documented: 'never written to disk')
✓ Dependencies @modelcontextprotocol/sdk and @1password/sdk are pinned to minor versions
✓ MIT license with clear attribution (Parker Todd Brooks, wipcomputer)