ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified developer tools Safety 4/5

ssh-op

Use the ssh-op helper script to load an SSH private key from 1Password (op) into an in-memory ssh-agent and then run ssh. Use when connecting to hosts that require the 1Password-managed key, troubleshooting ssh-op, or onboarding a new machine by configuring the 1Password vault/item and adding SSH host aliases to ~/.ssh/config.

Why use this skill?

Use ssh-op to securely load SSH keys from 1Password into your in-memory agent. Simplify remote access while keeping keys off-disk.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/moodykong/ssh-op
Or

What This Skill Does

ssh-op is a specialized OpenClaw skill designed to bridge the gap between 1Password's secure vault storage and your local SSH workflows. Instead of keeping sensitive SSH private keys sitting on your local disk where they could be exposed, ssh-op dynamically fetches the key from 1Password into an in-memory ssh-agent just-in-time. When invoked, it ensures an agent is active, pulls the requested key via the 1Password CLI, and then transparently executes your SSH command. This pattern is ideal for users who want to follow security best practices by eliminating persistent private keys on local machines while maintaining seamless access to remote servers. It is built to support both individual machine setups and automated agent-driven workflows.

Installation

To get started, first ensure your environment meets the prerequisites by verifying op, ssh, and ssh-agent are available in your path. The canonical way to install the skill is via the command: clawhub install openclaw/skills/skills/moodykong/ssh-op. After installation, link the binary to your local environment using ln -sf ~/.openclaw/skills/ssh-op/scripts/ssh-op ~/.local/bin/ssh-op. Configuration is handled via a machine-specific file located at ~/.openclaw/skills/ssh-op/config.env. Populate the SSH_OP_VAULT_NAME and SSH_OP_ITEM_TITLE variables to point to your stored key in 1Password. For host management, utilize ~/.openclaw/skills/ssh-op/hosts.conf to store your aliases and run ensure_ssh_config.py to idempotently update your main ~/.ssh/config file safely.

Use Cases

Use ssh-op whenever you need to connect to remote servers that require 1Password-managed SSH keys. This is particularly useful for developers working across multiple machines who do not want to distribute private keys manually, or for users who frequently rotate keys and want a centralized place for management. It also serves as a robust solution for troubleshooting SSH connection issues in environments where security auditing requires that keys never touch the physical storage medium of a client device. It is also an excellent tool for standardizing onboarding processes on new machines, as configuration is kept environment-specific and portable.

Example Prompts

  1. "OpenClaw, please connect to my production-web-server using the ssh-op skill and check the current disk usage."
  2. "Use ssh-op to create an SSH tunnel to my staging environment for port 8080 so I can debug the local UI."
  3. "Run a connectivity test using ssh-op on my new alias 'db-cluster' to make sure the key is loaded correctly."

Tips & Limitations

Always ensure your 1Password CLI is signed in before triggering a connection, as the skill relies on the op command to fetch secrets. The key is never written to disk, enhancing your security posture; however, remember that the ssh-agent's lifetime is tied to your shell session. If you are using service accounts, ensure the OP_SERVICE_ACCOUNT_TOKEN is correctly exported in your environment. If you frequently see authorization errors, run op whoami to verify your session status. For advanced users, leveraging SSH_OP_KEY_FINGERPRINT_SHA256 in your config is a recommended optimization to prevent unnecessary re-loading of keys if they are already present in the agent.

Read Full Documentation on GitHub

Metadata

Author@moodykong
Stars1401
Views0
Updated2026-02-24
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-moodykong-ssh-op": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#ssh#1password#security#automation#devops
Safety Score: 4/5

Flags: file-read, file-write, code-execution

Related Skills

skill-father

Authoritative skill-creation standards (Boss). Use when creating or updating OpenClaw skills so they are portable, reproducible, include prerequisites checks, and have a guided installation/onboarding flow that persists machine-specific config in skill-local config files.

moodykong 1401

secure-shopper

Asynchronous shopping research + checkout using secure-autofill (1Password-backed browser filling) with results recorded to workspace artifacts.

moodykong 1401

secure-autofill

1Password-backed credential filling via vault_suggest/vault_fill (plugin tools).

moodykong 1401

queue-task

Durable queue-task helper for resumable, idempotent batch jobs in task-father task folders.

moodykong 1401

onedrive-integration

Copy large/long files to OneDrive for sharing when the user is on Telegram or WhatsApp and wants to view a full document or long file. Use to place files into OneDrive under an OpenClaw folder and provide the new filename/location.

moodykong 1401