ClawHub

XferOps gog

v0.1.1

Google Workspace CLI for Gmail, Calendar, Drive, Contacts, Sheets, and Docs.

0· 515·0 current·0 all-time
byxferops@parker-xferops
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill name/description (Google Workspace CLI) matches what the instructions require and show: the gog CLI, OAuth client credentials, and per-account auth. Requiring the gog binary and offering common Gmail/Calendar/Drive/Sheets/Docs commands is expected and proportional.
Instruction Scope
SKILL.md is concrete and limited to running the gog CLI against Google APIs. It references creating/using client_secret.json, running gog auth commands, and optionally setting GOG_ACCOUNT and GOG_KEYRING_PASSWORD for headless environments. It does not instruct the agent to read unrelated system files or exfiltrate data to third parties. However, it does reference environment variables and files (client_secret.json) that are not declared in the skill metadata.
Install Mechanism
Install uses a Homebrew formula (steipete/tap/gogcli) which is a normal mechanism. Because the formula is from a third‑party tap (steipete/tap) rather than the official Homebrew core, you should verify the tap/formula source before running brew install to ensure the binary is trustworthy.
Credentials
The skill metadata lists no required env vars, but the instructions explicitly mention GOG_KEYRING_PASSWORD and GOG_ACCOUNT (optional conveniences) and require a client_secret.json file for OAuth. These are reasonable for a headless Google CLI, but the metadata should have declared them. Be cautious about storing GOG_KEYRING_PASSWORD in shell profiles or systemd unit files in plaintext.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings in its instructions. It runs as a regular user CLI tool and requires explicit OAuth setup, so it does not demand elevated persistence or special platform privileges.
Assessment
This skill appears to do what it says: it wraps the gog CLI to access Google Workspace APIs. Before installing: 1) Verify the Homebrew tap/formula (steipete/tap/gogcli) and the binary’s upstream (check the project's homepage or source repo) to avoid installing a trojanized binary. 2) Keep OAuth client_secret.json and any generated tokens secure; prefer using the file keyring option instead of embedding GOG_KEYRING_PASSWORD in global profiles or systemd files. 3) Limit OAuth scopes to least privilege for the account you add. 4) When scripting, use --no-input and --json but be careful about automating email sends—confirm actions that send messages or modify calendars. If you want higher assurance, inspect the Homebrew formula and the gog project source (or verify its release binaries/signatures) before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c058m798n78ej3e1xapwes181vcyf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎮 Clawdis
Binsgog

Install

Install gog (brew)
Bins: gog
brew install steipete/tap/gogcli

Comments