wip-1password 安全扫描报告 — 可信 | ClawSafe

5 /100

wip-1password

OpenClaw plugin for 1Password secrets via JS SDK

This is a legitimate 1Password secrets management plugin using the official SDK and documented MCP protocol. All behaviors are clearly declared in documentation with no hidden functionality.

技能名称wip-1password

分析耗时38.5s

引擎pi

✓

可以安装

Approve for use. The skill is a standard credential management tool with proper security practices (official SDK, secret redaction, no exfiltration).

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	src/index.ts:22 reads from ~/.openclaw/secrets/op-sa-token
网络访问	`READ`	`READ`	✓ 一致	src/index.ts:35-39 creates 1Password SDK client connecting to 1Password cloud AP…
命令执行	`WRITE`	`WRITE`	✓ 一致	mcp-server.mjs:29-33 uses execSync to invoke 'op' CLI commands; declared in file…
环境变量	`WRITE`	`WRITE`	✓ 一致	src/index.ts:200-206 sets process.env.OPENAI_API_KEY; documented in SKILL.md Key…
技能调用	`WRITE`	`WRITE`	✓ 一致	src/index.ts:86-182 registers op_read_secret, op_list_items, op_write_secret too…

5 项发现

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/interface-Module-black

README.md:3

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/interface-MCP_Server-black

README.md:3

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/interface-OpenClaw_Plugin-black

README.md:3

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/interface-Skill-black

README.md:3

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/Universal_Interface_Spec-black?style=flat&color=black

README.md:3

目录结构

21 文件 · 105.1 KB · 3095 行

Markdown 16f · 2396L TypeScript 1f · 497L JavaScript 1f · 122L JSON 3f · 80L

├─ ▾ 📁 _trash

│ ├─ 📝 RELEASE-NOTES-v0-2-0.md Markdown 35L · 1.4 KB

│ └─ 📝 RELEASE-NOTES-v0-2-2.md Markdown 99L · 4.6 KB

├─ ▾ 📁 ai

│ ├─ ▾ 📁 _trash

│ │ └─ 📝 README--before-format--2026-03-12.md Markdown 387L · 13.5 KB

│ ├─ ▾ 📁 dev-updates

│ │ ├─ 📝 2026-03-11--cc-mini--full-treatment.md Markdown 23L · 1.1 KB

│ │ └─ 📝 2026-03-11--cc-mini--readme-overhaul.md Markdown 49L · 2.4 KB

│ └─ ▾ 📁 todos

│ └─ 📝 PUNCHLIST.md Markdown 3L · 34 B

├─ ▾ 📁 docs

│ ├─ 📝 DEVELOPMENT.md Markdown 473L · 12.0 KB

│ ├─ 📝 HANDOFF.md Markdown 108L · 4.0 KB

│ ├─ 📝 PRD.md Markdown 138L · 6.8 KB

│ └─ 📝 SETUP.md Markdown 303L · 8.1 KB

├─ ▾ 📁 skills

│ └─ ▾ 📁 op-secrets

│ └─ 📝 SKILL.md Markdown 48L · 1.6 KB

├─ ▾ 📁 src

│ └─ 📜 index.ts TypeScript 497L · 16.7 KB

├─ 📝 CHANGELOG.md Markdown 148L · 6.1 KB

├─ 📝 CLA.md Markdown 19L · 1.2 KB

├─ 📜 mcp-server.mjs JavaScript 122L · 3.8 KB

├─ 📋 openclaw.plugin.json JSON 25L · 629 B

├─ 📋 package.json JSON 41L · 869 B

├─ 📝 README.md Markdown 77L · 3.4 KB

├─ 📝 SKILL.md Markdown 104L · 3.1 KB

├─ 📝 TECHNICAL.md Markdown 382L · 13.6 KB

└─ 📋 tsconfig.json JSON 14L · 279 B

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`@1password/sdk`	`^0.3.1`	npm	否	Official 1Password SDK, minor version pinned
`@modelcontextprotocol/sdk`	`^1.27.1`	npm	否	Official MCP SDK, minor version pinned

安全亮点

✓ Uses official @1password/sdk (^0.3.1) - not rolling own crypto

✓ All capabilities are clearly documented in SKILL.md with tool descriptions and parameter schemas

✓ Secret values are redacted in CLI output via redact() helper function

✓ Token file permissions are enforced via chmod 600 (documented in setup instructions)

✓ SDK validates token format (must start with 'ops_') before use

✓ Service account tokens are scoped to specific vaults - cannot access built-in vaults

✓ No network exfiltration: secrets stay in memory only (documented: 'never written to disk')

✓ Dependencies @modelcontextprotocol/sdk and @1password/sdk are pinned to minor versions

✓ MIT license with clear attribution (Parker Todd Brooks, wipcomputer)