{
  "name": "io.github.takescake/1password-mcp",
  "description": "The official 1Password MCP lets an AI agent reference secrets stored in 1Password vaults — API keys, database passwords, SSH keys — without the secret values ever appearing in the conversation. Uses 1Password CLI-style secret references; the agent sees op://Vault/Item/field, the MCP resolves it at call time, and the cleartext goes directly to the downstream tool.",
  "status": "active",
  "version": "latest",
  "_meta": {
    "com.top-mcps/lastVerified": "2026-05-31",
    "com.top-mcps/score": {
      "value": 64,
      "rubricVersion": "2026-04",
      "lastComputed": "2026-06-02T13:16:41.646Z",
      "methodology": "https://top-mcps.com/about/methodology"
    },
    "com.top-mcps/stats": {
      "fetchedAt": "2026-06-02T11:55:52.319Z",
      "npmWeeklyDownloads": 688
    }
  },
  "repository": {
    "url": "https://github.com/takescake/1password-mcp",
    "source": "github"
  },
  "author": {
    "name": "Community (takescake)"
  },
  "packages": [
    {
      "registryType": "npm",
      "registryBaseUrl": "https://registry.npmjs.org",
      "identifier": "@takescake/1password-mcp",
      "version": "latest",
      "transport": {
        "type": "stdio"
      },
      "environmentVariables": [
        {
          "name": "OP_SERVICE_ACCOUNT_TOKEN",
          "description": "OP_SERVICE_ACCOUNT_TOKEN — required credential for 1Password.",
          "isRequired": true,
          "isSecret": true
        }
      ]
    }
  ],
  "capabilities": {
    "tools": [
      {
        "name": "resolve_reference",
        "description": "Resolve an op:// reference and return the cleartext to the calling tool only (never to the model).",
        "sideEffect": "read",
        "args": [
          {
            "name": "reference",
            "type": "string",
            "required": true
          }
        ]
      },
      {
        "name": "list_items",
        "description": "List items in a vault (metadata only — no secret values).",
        "sideEffect": "read",
        "args": [
          {
            "name": "vault",
            "type": "string",
            "required": true
          }
        ]
      }
    ],
    "security": {
      "scope": "read-only",
      "sandbox": "1Password service-account token. Scoped to specific vaults at the 1Password side. The MCP itself never persists cleartext — every resolution happens inline at tool-call time.",
      "gotchas": [
        "The service-account token IS a secret. Store it in the OS credential store, not in a config file.",
        "Resolve-only — there is no write tool to create or update items. Use the 1Password app or CLI for that.",
        "Audit logs are at the 1Password side. Pair the MCP with a periodic review of service-account access events."
      ]
    }
  },
  "_links": {
    "html": "https://top-mcps.com/mcp/1password",
    "markdown": "https://top-mcps.com/mcp/1password.md",
    "methodology": "https://top-mcps.com/about/methodology"
  }
}