Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From 1p-flawless
This skill should be used when the user asks to "set up a service account", "stop Touch ID prompts for op CLI", "add OP_SERVICE_ACCOUNT_TOKEN", "configure no-prompt 1Password access", or wants `op` CLI calls to work without biometric prompts. Sets up OP_SERVICE_ACCOUNT_TOKEN in ~/.zshrc.
npx claudepluginhub aventerica89/jb-claude-plugins --plugin 1p-flawlessHow this skill is triggered — by the user, by Claude, or both
Slash command
/1p-flawless:sac-setupThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Sets up `OP_SERVICE_ACCOUNT_TOKEN` in `~/.zshrc` so direct `op` CLI calls (`op inject`, `op run`, `op read`, `op item`) work without Touch ID prompts.
Guides technical evaluation of code review feedback: read fully, restate for understanding, verify against codebase, respond with reasoning or pushback before implementing.
Share bugs, ideas, or general feedback.
Sets up OP_SERVICE_ACCOUNT_TOKEN in ~/.zshrc so direct op CLI calls (op inject, op run, op read, op item) work without Touch ID prompts.
Does NOT affect: shell plugins (vercel, stripe, etc.) — those use their own biometric auth flow and ignore this token.
grep -q "OP_SERVICE_ACCOUNT_TOKEN" ~/.zshrc && echo "ALREADY SET" || echo "NOT SET"
If already set: show the line and ask if user wants to update it.
The user must create the SA in 1Password web — this cannot be automated.
Give these exact instructions:
my.1password.com → Integrations → Service AccountsLocal Dev (or Local Dev — <project> for project-scoped)ops_eyJ... token — it is shown only onceAsk: "Paste your service account token (starts with ops_):"
Validate the token starts with ops_. If it doesn't, reject and ask again.
Check for existing entry:
grep -n "OP_SERVICE_ACCOUNT_TOKEN" ~/.zshrc
If not present, use Edit to append to ~/.zshrc — NEVER use Write (would overwrite the entire file):
# 1Password service account — no-prompt access for op CLI (read-only, App Dev vault)
export OP_SERVICE_ACCOUNT_TOKEN="<token>"
env OP_SERVICE_ACCOUNT_TOKEN="<token>" op vault list 2>&1 | head -3
Expected: vault list returns without Touch ID prompt.
If it fails with auth error: the token may not have access to App Dev — ask user to check vault permissions in 1Password web.
SAC setup complete
Token added to ~/.zshrc (OP_SERVICE_ACCOUNT_TOKEN)
Effective for: op read, op inject, op run, op item
NOT effective for: shell plugins (vercel, stripe — use their own biometric auth)
IMPORTANT: Open a new terminal for the token to take effect.
Existing terminal sessions (including this Claude Code session) will
still prompt Touch ID until restarted.