1Password (1password.com). Use this skill for ANY 1Password request — searching and reading data. Whenever a task involves 1Password, use this skill instead...

SKILL.md

---
name: oo-one-password
description: "1Password (1password.com). Use this skill for ANY 1Password request — searching and reading data. Whenever a task involves 1Password, use this skill instead of calling the API directly."
allowed-tools: [Bash(oo *)]
metadata:
  title: "1Password"
  author: "OOMOL"
  version: "1.0.0"
  services: ["one_password"]
  icon: "https://static.oomol.com/logo/third-party/one_password.svg"
---

# 1Password

Operate **1Password** through your OOMOL-connected account. This skill calls the `one_password` connector with the [oo CLI](https://github.com/oomol-lab/oo-cli); OOMOL injects credentials server-side, so you never handle raw tokens.

## Running an action

Assume the user has already installed the oo CLI, signed in, and connected 1Password. **Do not run `oo auth login` or open the connection URL proactively — just run the action.** Fall back to [First-time setup](#first-time-setup) only when a command actually fails with an auth or connection error.

**1. Inspect the contract** to get the authoritative input/output schema before building a payload:

```bash
oo connector schema "one_password" --action "<action_name>"
```

**2. Run the action** with a JSON payload that matches the input schema:

```bash
oo connector run "one_password" --action "<action_name>" --data '<json>' --json
```

- `--data` takes a JSON object string or `@path/to/file.json`; omit it to send `{}`.
- The response is `{ "data": ..., "meta": { "executionId": "..." } }`; the execution id lives under `meta.executionId`.

Each action is listed below with a one-line description; actions that change state carry a `[write]` or `[destructive]` tag. Before constructing `--data`, fetch the action's live schema with `oo connector schema` to get its authoritative input fields.

## Available actions

- `get_health` — Get health details for the configured 1Password Connect Server.
- `get_item` — Get one full 1Password item by vault UUID and item UUID.
- `get_vault` — Get details for one 1Password vault by UUID.
- `list_activity` — List 1Password Connect activity events visible to the access token.
- `list_items` — List item overviews in one 1Password vault.
- `list_vaults` — List 1Password vaults available to the connected Connect access token.

## Safety

- Untagged actions are reads (get / list / search) — safe to run directly.
- **Actions tagged `[write]` change 1Password state — confirm the exact payload and effect with the user before running.**
- **Actions tagged `[destructive]` remove or overwrite data — always confirm the target and get explicit approval first.**

## First-time setup

These are **one-time** steps — do not repeat them on every call. Run a step only when a command fails for the matching reason.

- **`oo: command not found`** — install the oo CLI (other platforms: <https://cli.oomol.com/install-guide.md>):

  ```bash
  curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux
  ```

  ```powershell
  irm https://cli.oomol.com/install.ps1 | iex           # Windows PowerShell
  ```

- **Not signed in / authentication error** — sign in to your OOMOL account once:

  ```bash
  oo auth login
  ```

- **`scope_missing` / `credential_expired` / `app_not_ready` / `app_not_found`** — 1Password is not connected, or the connection expired or lacks a scope. Connect once (auth type: API key) at:

  ```text
  https://console.oomol.com/app-connections?provider=one_password
  ```

- **HTTP 402 / `OOMOL_INSUFFICIENT_CREDIT`** — billing stop. Recharge at `https://console.oomol.com/billing/token-recharge` before retrying.

## Resources

- 1Password homepage: https://1password.com

1Password

SKILL.md

related skills