Gog2
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: gog2 Version: 1.0.0 The skill bundle provides instructions for installing and using 'gogcli', a Google Workspace CLI tool. The installation method uses Homebrew (`steipete/tap/gogcli`), which is a standard package manager. All commands described are legitimate interactions with Google services (Gmail, Calendar, Drive, etc.) and temporary local file operations (`/tmp/doc.txt`). There is no evidence of prompt injection, data exfiltration, persistence mechanisms, or other intentional malicious behavior within the provided files. The instructions are clear and align with the stated purpose of the skill.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The CLI may be able to read or modify Gmail, Calendar, Drive, Contacts, Sheets, and Docs data depending on the OAuth scopes granted.
The skill requires OAuth authorization for several Google Workspace services. This is purpose-aligned, but it grants access to sensitive account data and actions.
Requires OAuth setup. ... `gog auth add you@gmail.com --services gmail,calendar,drive,contacts,sheets,docs`
Use a trusted Google account, review the OAuth consent screen carefully, and grant only the services you actually need.
Accidental or autonomous use of write commands could send email or alter Google Workspace data.
The skill documents high-impact commands that can send messages or change spreadsheet data. The artifacts include a confirmation reminder for mail/events, but users should also confirm spreadsheet and other write actions.
`gog gmail send ...`; `gog sheets update ...`; `gog sheets append ...`; `gog sheets clear ...`; ... `Confirm before sending mail or creating events.`
Require explicit user confirmation before sending mail, creating events, clearing sheets, updating sheets, copying docs, or making any other account-changing operation.
The installed gog binary will handle Google OAuth credentials and Workspace data.
The skill depends on an external Homebrew formula for the executable, and this scan does not include the CLI source code. This is normal for a CLI integration but requires trust in that package source.
brew | formula: steipete/tap/gogcli | creates binaries: gog
Install only from the expected Homebrew tap, verify the project/homepage if possible, and keep the CLI updated from a trusted source.