Agent Skills
› spinabot/brigade
› 1password
1password
GitHub管理1Password CLI,涵盖安装、桌面集成、多账号登录及密钥读取注入。强制在独立tmux会话中执行以避免TTY交互问题,确保通过op whoami验证身份后操作,严禁将密钥写入日志或磁盘。
Trigger Scenarios
安装1Password CLI
配置桌面应用集成
单账号或多账号登录1Password
读取或注入1Password中的秘密信息
Install
npx skills add spinabot/brigade --skill 1password -g -y
SKILL.md
Frontmatter
{
"name": "1password",
"homepage": "https:\/\/developer.1password.com\/docs\/cli\/get-started\/",
"metadata": {
"brigade": {
"emoji": "🔐",
"install": [
{
"id": "brew",
"bins": [
"op"
],
"kind": "brew",
"label": "Install 1Password CLI (brew)",
"formula": "1password-cli"
}
],
"requires": {
"bins": [
"op"
]
}
}
},
"description": "Set up and use 1Password CLI (op). Use when installing the CLI, enabling desktop app integration, signing in (single or multi-account), or reading\/injecting\/running secrets via op."
}
1Password CLI
Follow the official CLI get-started steps. Don't guess install commands.
References
references/get-started.md(install + app integration + sign-in flow)references/cli-examples.md(realopexamples)
Workflow
- Check OS + shell.
- Verify CLI present:
op --version. - Confirm desktop app integration is enabled (per get-started) and the app is unlocked.
- REQUIRED: create a fresh tmux session for all
opcommands (no directopcalls outside tmux). - Sign in / authorize inside tmux:
op signin(expect app prompt). - Verify access inside tmux:
op whoami(must succeed before any secret read). - If multiple accounts: use
--accountorOP_ACCOUNT.
REQUIRED tmux session (T-Max)
The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run op inside a dedicated tmux session with a fresh socket/session name.
Example (see tmux skill for socket conventions, do not reuse old session names):
SOCKET_DIR="${BRIGADE_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/brigade-tmux-sockets}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/brigade-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"
tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"
Guardrails
- Never paste secrets into logs, chat, or code.
- Prefer
op run/op injectover writing secrets to disk. - If sign-in without app integration is needed, use
op account add. - If a command returns "account is not signed in", re-run
op signininside tmux and authorize in the app. - Do not run
opoutside tmux; stop and ask if tmux is unavailable.
Version History
- db99206 Current 2026-07-05 10:57


