GWS - Google Workspace CLI

This skill appears to be a legitimate wrapper for the official Google Workspace CLI, but pay attention to two issues before installing: 1) OAuth guidance in the included docs instructs you to bypass Google verification warnings and to click 'Publish App' to get long-lived refresh tokens. That weakens Google’s safety checks and can produce long-lived access to your email, Drive, calendar, and other sensitive data. Only follow that step if you understand the implications and trust the code and account/project you're using. 2) The metadata does not declare a required config path, but the docs require you to place a client_secret.json in ~/.config/gws and will store encrypted credentials/tokens under ~/.config/gws. Treat client_secret.json and the token files as sensitive secrets; do not share them. Consider limiting scopes, using a dedicated GCP project, or using a service account/domain-wide delegation if appropriate. Practical checks before proceeding: - Inspect the npm package @googleworkspace/cli on GitHub and npm to confirm authenticity and review its README/release history. - Prefer to install the CLI yourself rather than letting an automated installer run without review. - Limit requested OAuth scopes to the minimum needed, and avoid following advice that publishes the app to Production unless you control the GCP project and understand verification consequences. - If unsure, mark this skill as high-risk and do not provide credentials or client_secret.json to it.