Google Photos Manager for OpenClaw
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a straightforward Google Photos helper, but it needs Google OAuth access and can add photos or albums, so users should review permissions and protect the local token.
Install only if you are comfortable connecting a local script to Google Photos. Use your own credentials, review the OAuth scopes, upload only files you intend to send to Google, keep credentials.json and token.pickle private, avoid untrusted token files, and revoke the app's Google access when you are done.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Authorizing the skill gives the local script permission to act on parts of the user's Google Photos account until the token is revoked.
The script requests Google Photos OAuth permissions, including append, app-created read, and sharing-related access. This is expected for a Photos manager, but it is account authority users should review.
SCOPES = ['https://www.googleapis.com/auth/photoslibrary.appendonly', 'https://www.googleapis.com/auth/photoslibrary.readonly.appcreateddata', 'https://www.googleapis.com/auth/photoslibrary.sharing']
Review the Google consent screen, use your own OAuth client credentials, keep the token private, and remove the sharing scope if you do not need sharing-related behavior.
If run with the wrong arguments, it could create unwanted albums or upload the wrong photo to Google Photos.
The script can create albums and upload local files to the Google Photos API. These are disclosed, purpose-aligned operations, but they modify a third-party account.
requests.post('https://photoslibrary.googleapis.com/v1/albums' ...); requests.post('https://photoslibrary.googleapis.com/v1/uploads' ... data=f)
Run create/upload commands only after confirming the requested action, album title, album ID, and local photo path.
Using a token.pickle file from an untrusted source could run local code, not just load credentials.
The token file is deserialized with Python pickle, which can execute code if the pickle file is malicious or tampered with. The normal path is locally generated by this script, so this is a handling caution.
with open(token_path, 'rb') as token:
    creds = pickle.load(token)
Let the script create its own token file, store it in a protected location, and do not reuse token pickle files received from other people or unknown sources.
The command may fail or run under an unexpected local Python environment if that path exists.
The script's executable shebang points to a developer-specific virtual environment path instead of a portable interpreter, which creates setup/provenance ambiguity.
#!/home/jorge/.openclaw/workspace/skills/google-photos/venv/bin/python3
Run it with a known Python interpreter or update the shebang, and install dependencies from trusted sources in a user-controlled virtual environment.
