Erdmannsilva Gog
PassAudited by ClawScan on May 12, 2026.
Overview
This is a coherent Google Workspace CLI skill, but using it means installing an external CLI and granting OAuth access that can read or change Google Workspace data.
Install this only if you trust the gog CLI and are comfortable granting it Google Workspace OAuth access. Before use, authorize the minimum services needed, review all commands that send or modify data, and know how to revoke the OAuth grant.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or over-broad command could send messages or change Google Workspace data.
The skill exposes normal but high-impact Workspace actions, including sending email and modifying or clearing spreadsheet data. The non-interactive scripting option is useful but increases the need for explicit user review before mutating commands.
`gog gmail send ...`; `gog sheets update ...`; `gog sheets append ...`; `gog sheets clear <sheetId> "Tab!A2:Z"`; `For scripting, prefer --json plus --no-input.`
Review every mutating command before it runs, especially email sends, calendar changes, and Sheets update/append/clear operations; use narrow ranges, backups, and least-privilege scopes where possible.
The CLI may be able to read or modify Gmail, Calendar, Drive, Contacts, Sheets, and Docs data for the authorized account.
The skill clearly discloses OAuth setup and requests access to several sensitive Google Workspace services. This is expected for the stated purpose, but it grants significant delegated authority.
`Requires OAuth setup.` ... `gog auth credentials /path/to/client_secret.json` ... `gog auth add you@gmail.com --services gmail,calendar,drive,contacts,sheets,docs`
Authorize only trusted accounts, limit services if the CLI supports narrower scopes, and revoke OAuth access when no longer needed.
Installing the skill may install and run code maintained outside this skill package.
The skill depends on an external Homebrew-installed binary. This is normal for a CLI wrapper, but the provided artifacts do not include the binary source for review.
brew | formula: steipete/tap/gogcli | creates binaries: gog
Verify the Homebrew tap, homepage, and project reputation before installing, and keep the CLI updated from a trusted source.