ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Google Workspace

Google Workspace automation — Gmail, Calendar, Drive, and Sheets via service account or OAuth. Read, write, send, and manage your entire Google stack.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 53 · 0 current installs · 0 all-time installs
by@fr3kstyle
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (Google Workspace automation) aligns with the code and SKILL.md: the script uses Google API clients and implements Gmail, Calendar, Drive, and Sheets operations.
!
Instruction Scope
Runtime instructions and the script request full account-level Google credentials (service account JSON or OAuth credentials) and will read/write a token file (default ~/.google_token.json). The SKILL.md tells the agent to accept and store sensitive keys (including private_key JSON) in env vars or files — powerful capabilities that are expected for this purpose but require explicit declaration and user caution.
Install Mechanism
No install spec — the skill is instruction + script-only and relies on python packages already available; low install risk because it doesn't download arbitrary code at install time.
!
Credentials
The code and SKILL.md clearly require GOOGLE_SERVICE_ACCOUNT_JSON or GOOGLE_CREDENTIALS_FILE (and optionally GOOGLE_TOKEN_FILE and GOOGLE_DELEGATED_USER), but the registry metadata lists no required env vars or primary credential. Requesting full Gmail/Drive/Calendar/Sheets scopes is proportionate to functionality, but the metadata omission is a mismatch and the env var usage involves highly sensitive secrets (service account private key).
Persistence & Privilege
Skill does not request 'always: true'. It can run autonomously (default), which combined with broad Google scopes increases blast radius if the skill is granted credentials — verify trust before enabling autonomous use.
What to consider before installing
This skill legitimately needs Google credentials (service account JSON with optional domain-wide delegation or OAuth client credentials) because it performs read/write/send operations across Gmail, Calendar, Drive, and Sheets. However: 1) the registry metadata did not declare these required environment variables — ask the publisher why GOOGLE_SERVICE_ACCOUNT_JSON / GOOGLE_CREDENTIALS_FILE (and optional GOOGLE_TOKEN_FILE, GOOGLE_DELEGATED_USER) aren't listed. 2) Treat any service account JSON or OAuth client secrets as highly sensitive: prefer OAuth per-user consent where possible, or create a service account with the minimal scopes and limited access (avoid broad domain-wide delegation unless necessary). 3) Note the script will write a token file (default ~/.google_token.json); ensure the filesystem location is secure. 4) Since source/homepage is unknown, review the full script yourself or run it in a sandbox with a least-privileged test account before granting it production credentials. If you cannot verify the publisher, do not provide real admin credentials or domain-wide delegation keys.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97fbn7kqgj8b95a5156am1tns83bttr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Google Workspace

Automate Gmail, Google Calendar, Google Drive, and Google Sheets from the command line. Read and send emails, create calendar events, manage Drive files, and read/write Sheets data — all via the Google API Python client with service account authentication.

Setup

Option 1: Service Account (recommended for automation)

export GOOGLE_SERVICE_ACCOUNT_JSON='{"type":"service_account","project_id":"...","private_key_id":"...","private_key":"-----BEGIN RSA PRIVATE KEY-----\n...","client_email":"...@....iam.gserviceaccount.com","client_id":"...","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token"}'

Create at: Google Cloud Console → IAM → Service Accounts → Create → Add JSON key. Then enable: Gmail API, Calendar API, Drive API, Sheets API. For Gmail/Calendar/Drive: Enable domain-wide delegation and add scopes in Google Workspace Admin.

Option 2: OAuth credentials file

export GOOGLE_CREDENTIALS_FILE="/path/to/credentials.json"
export GOOGLE_TOKEN_FILE="/path/to/token.json"   # created on first run

Commands / Usage

# ── GMAIL ───────────────────────────────────────────────
# Read inbox (latest 10 messages)
python3 scripts/google_workspace.py gmail-inbox
python3 scripts/google_workspace.py gmail-inbox --limit 25

# Search emails
python3 scripts/google_workspace.py gmail-search --query "from:boss@company.com subject:urgent"
python3 scripts/google_workspace.py gmail-search --query "is:unread" --limit 20

# Send an email
python3 scripts/google_workspace.py gmail-send --to "client@example.com" --subject "Meeting Tomorrow" --body "Hi, just confirming our meeting at 2pm."
python3 scripts/google_workspace.py gmail-send --to "a@x.com" --subject "Report" --body "See attached." --attachment "/path/to/report.pdf"

# Apply a label to a message
python3 scripts/google_workspace.py gmail-label --message-id "18abc123..." --label "Important"

# Create a draft
python3 scripts/google_workspace.py gmail-draft --to "client@example.com" --subject "Draft Subject" --body "Draft content here."

# ── CALENDAR ────────────────────────────────────────────
# List upcoming events
python3 scripts/google_workspace.py cal-list
python3 scripts/google_workspace.py cal-list --days 14 --limit 20

# Create an event
python3 scripts/google_workspace.py cal-create --title "Team Standup" --start "2024-03-15T09:00:00" --end "2024-03-15T09:30:00" --timezone "Australia/Brisbane"
python3 scripts/google_workspace.py cal-create --title "All Day Event" --start "2024-03-20" --all-day

# Update an event
python3 scripts/google_workspace.py cal-update --event-id "abc123..." --title "Updated Title" --start "2024-03-15T10:00:00" --end "2024-03-15T10:30:00"

# Delete an event
python3 scripts/google_workspace.py cal-delete --event-id "abc123..."

# ── DRIVE ───────────────────────────────────────────────
# List files
python3 scripts/google_workspace.py drive-list
python3 scripts/google_workspace.py drive-list --query "name contains 'report'" --limit 20

# Upload a file
python3 scripts/google_workspace.py drive-upload --file ./report.pdf
python3 scripts/google_workspace.py drive-upload --file ./report.pdf --folder-id "1BxiMVs0XRA5..."

# Download a file
python3 scripts/google_workspace.py drive-download --file-id "1BxiMVs0XRA5..." --output ./downloaded.pdf

# Share a file
python3 scripts/google_workspace.py drive-share --file-id "1BxiMVs0XRA5..." --email "colleague@company.com" --role writer
python3 scripts/google_workspace.py drive-share --file-id "1BxiMVs0XRA5..." --anyone-link

# ── SHEETS ──────────────────────────────────────────────
# Read a range
python3 scripts/google_workspace.py sheets-read --spreadsheet-id "1BxiMVs0XRA5..." --range "Sheet1!A1:D10"

# Write to a range
python3 scripts/google_workspace.py sheets-write --spreadsheet-id "1BxiMVs0XRA5..." --range "Sheet1!A1" --values '[["Name","Score"],["Alice",95],["Bob",87]]'

# Append a row
python3 scripts/google_workspace.py sheets-append --spreadsheet-id "1BxiMVs0XRA5..." --range "Sheet1!A:D" --values '["John","Doe","john@example.com",42]'

Requirements

  • Python 3.8+
  • google-api-python-client (pip install google-api-python-client google-auth google-auth-httplib2)
  • GOOGLE_SERVICE_ACCOUNT_JSON environment variable (or OAuth credentials)

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…