ClawHub

Google Search Console

v1.2.2

Query Google Search Console for SEO data - search queries, top pages, CTR opportunities, URL inspection, and sitemaps. Use when analyzing search performance,...

23· 5.7k·27 current·31 all-time
byJonathan Rhyne@jdrhyne
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the requested artifacts: Python scripts implement OAuth and read-only queries against Google Search Console. Required env vars (GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GOOGLE_REFRESH_TOKEN) are appropriate for OAuth flows to access GSC.
Instruction Scope
SKILL.md instructs only read-only queries and the code implements only read operations (search analytics, sitemaps, URL inspection). The auth script runs a local OAuth flow (opens a browser / local server on port 8080) and prints the refresh token to stdout for user to store — this is expected but worth noting because the refresh token is sensitive and the script suggests adding it to a local .env.
Install Mechanism
No install spec; scripts are instruction-only and depend on python and standard google API libraries. The package does not download or execute code from external URLs. Missing Python packages produce a pip install hint — the user will need to install libraries manually.
Credentials
Requested environment variables are limited to the OAuth client ID, client secret, and refresh token which are proportionate to the skill's read-only GSC purpose. Note: the refresh token can be used by any code that has these env vars, and SKILL.md explicitly notes credentials are shared with a GA4 skill — meaning other installed skills that read the same env vars could access the same account.
Persistence & Privilege
Skill is not always-enabled, does not modify other skills or system settings, and does not request unusual system privileges. It runs as a normal command-line Python tool.
Assessment
This skill appears to be a straightforward, read-only Google Search Console client. Before installing or using it: (1) Only provide OAuth credentials you trust the code with — the refresh token is sensitive and grants access to your Search Console data. (2) Run the included gsc_auth.py locally; it opens a browser and a localhost server (port 8080) to obtain a refresh token which it prints — save that token securely (e.g., in a local .env) and avoid pasting it into untrusted places. (3) Install required Python packages from official PyPI packages (google-auth, google-auth-oauthlib, google-api-python-client) and review their versions. (4) Be aware that any other skill or program with access to the same environment variables can access your GSC data; do not reuse these env vars across untrusted skills. (5) If you need stricter isolation, create a dedicated Google OAuth client with only the webmasters.readonly scope and a Google account or Search Console property with minimal permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk973scgk6kqd6y4w1h2bcnxwhx8202pk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis
Any binpython3, python
EnvGOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GOOGLE_REFRESH_TOKEN

Comments