Google Business Review Responder

This package is coherent for managing Google Business reviews, but review the following before installing: - OAuth credentials and refresh tokens: The skill requires storing oauth_client_id, oauth_client_secret, and a long-lived refresh_token per client in plaintext files under the skill workspace (clients/*.json). Treat these as sensitive: restrict filesystem access, use correct permissions, and rotate/revoke tokens if compromised. - Telegram messaging: The scripts do NOT send Telegram messages themselves—you must have OpenClaw configured to send the drafted messages and to enforce the manual approval step. Verify your agent's heartbeat/automation will not auto-run the 'reply' command without human confirmation. - OAuth server: oauth_server.py is a convenience to capture refresh tokens remotely. If you expose it on a public VPS, run it under HTTPS and secure the server; by default the code sets OAUTHLIB_INSECURE_TRANSPORT to allow HTTP which is insecure. Prefer get_client_token.py run locally if you cannot secure a web server. - File writes: The skill creates pending/ and review_log.json in its workspace. Ensure the workspace location is appropriate and protected; do not place it in a path readable by untrusted users or bots. - Verify code yourself: This is a community-provided skill (source unknown). If you plan to run it in production, audit the Python code and consider storing tokens in a secret manager rather than plaintext files. If you trust the source and follow the operational cautions above (secure storage, HTTPS for onboarding server, agent-level checks to prevent auto-posting), the package is appropriate for its stated purpose.