OpenSkillIndex← back to search
claude-code

Kabot 1password

install
source · Clone the upstream repo
git clone https://github.com/kaivyy/kabot
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/kaivyy/kabot "$T" && mkdir -p ~/.claude/skills && cp -r "$T/kabot/skills/1password" ~/.claude/skills/kaivyy-kabot-1password && rm -rf "$T"
manifest: kabot/skills/1password/SKILL.md
source content

1Password CLI

Follow the official CLI get-started steps. Don't guess install commands.

References

  • references/get-started.md
    (install + app integration + sign-in flow)
  • references/cli-examples.md
    (real 
    op
    examples)

Workflow

  1. Check OS + shell.
  2. Verify CLI present: 
    op --version
    .
  3. Confirm desktop app integration is enabled (per get-started) and the app is unlocked.
  4. REQUIRED: create a fresh tmux session for all 
    op
    commands (no direct 
    op
    calls outside tmux).
  5. Sign in / authorize inside tmux: 
    op signin
    (expect app prompt).
  6. Verify access inside tmux: 
    op whoami
    (must succeed before any secret read).
  7. If multiple accounts: use 
    --account
    or 
    OP_ACCOUNT
    .

REQUIRED tmux session (T-Max)

The shell tool uses a fresh TTY per command. To avoid re-prompts and failures, always run 

op
inside a dedicated tmux session with a fresh socket/session name.

Example (see 

tmux
skill for socket conventions, do not reuse old session names):

SOCKET_DIR="${NANOBOT_TMUX_SOCKET_DIR:-${NANOBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}/kabot-tmux-sockets}}"
mkdir -p "$SOCKET_DIR"
SOCKET="$SOCKET_DIR/kabot-op.sock"
SESSION="op-auth-$(date +%Y%m%d-%H%M%S)"

tmux -S "$SOCKET" new -d -s "$SESSION" -n shell
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op signin --account my.1password.com" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op whoami" Enter
tmux -S "$SOCKET" send-keys -t "$SESSION":0.0 -- "op vault list" Enter
tmux -S "$SOCKET" capture-pane -p -J -t "$SESSION":0.0 -S -200
tmux -S "$SOCKET" kill-session -t "$SESSION"

Guardrails

  • Never paste secrets into logs, chat, or code.
  • Prefer 
    op run
    / 
    op inject
    over writing secrets to disk.
  • If sign-in without app integration is needed, use 
    op account add
    .
  • If a command returns "account is not signed in", re-run 
    op signin
    inside tmux and authorize in the app.
  • Do not run 
    op
    outside tmux; stop and ask if tmux is unavailable.