1password

The skill's name/description (1Password CLI usage) aligns with the runtime instructions which call `op`. However the SKILL.md contains embedded metadata that advertises a brew install (1password-cli) even though the registry install spec lists none — this mismatch should be reconciled. The required use of tmux for all `op` interactions is unusual but can be justified by terminal/auth flow concerns.

Instructions ask the agent to create tmux sockets, send keys to a tmux session, run interactive `op signin`/`op whoami`/`op vault list`, and then capture the tmux pane (capture-pane). Capturing pane output can expose secrets if any `op` command prints sensitive data; the document admonishes not to paste secrets but does not explicitly prevent capturing or transmitting pane contents. The SKILL.md also references an environment variable (CLAWDBOT_TMUX_SOCKET_DIR) that is not declared in the skill metadata.

This is an instruction-only skill (no install spec in registry, no code files), which is lower-risk. However the SKILL.md embedded metadata proposes a brew install entry for 1password-cli; that suggestion isn't reflected in the registry's install section — the discrepancy should be clarified. No remote archives or downloads are requested.

The skill does not request credentials or config paths in the registry metadata, which is appropriate for a helper that relies on user-interactive `op` sign-in and desktop-app integration. It references CLAWDBOT_TMUX_SOCKET_DIR and TMPDIR defaults in examples (not declared as required), and will create socket paths under /tmp — benign but worth noting.

The skill is not always-enabled, does not request elevated persistence, and contains no install hooks that would alter other skills or global configuration. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.