8 tools from the 1password MCP Server, categorised by risk level.
View the 1password policy →item_lookup Search for items within a 1Password vault by title substring. Returns item IDs, titles, categories, and vault IDs. 2/5 password_read Retrieve a secret from 1Password using either a secret reference (op://vault/item/field) or vault ID + item ID. Supports field selection and option... vault_list List all 1Password vaults accessible to the service account. Returns vault IDs, names, descriptions, and types. password_create Create a new password/login item in a 1Password vault with optional username, URL, tags, and notes. 3/5 password_generate Generate a cryptographically secure random password with configurable length and character types. Uses rejection sampling for unbiased randomness. 2/5 password_generate_memorable Generate a memorable passphrase from random dictionary words with optional number and symbol suffixes. Uses a ~500-word curated list for good entropy. 2/5 password_update Update (rotate) a password or concealed field on an existing 1Password item. If the target field does not exist, it will be created. 2/5 The 1password MCP server exposes 8 tools across 3 categories: Read, Write, Destructive.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the 1password server.
1password tools are categorised as Read (3), Write (4), Destructive (1). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept