ClawHub

Secure Google Docs access for OpenClaw By PortEden

v1.0.0

Secure Google Docs Management - permission-based create, read, and edit doc content; manage sharing, permissions, rename and delete.

0· 135·0 current·0 all-time
by@porteden
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe Google Docs management and the skill only requires the 'porteden' CLI and a PE_API_KEY. Both are appropriate and expected for a CLI-based Google Drive/Docs integration.
Instruction Scope
SKILL.md instructs the agent to run porteden docs commands, use browser login or token stored in system keyring, and optionally pass a local ops-file (e.g., ./ops.json) for bulk edits. This is within scope, but be aware that using --ops-file means the CLI (and thus the agent when directed to use a file) can read local files you point it at — avoid referencing sensitive local files in ops-file paths.
Install Mechanism
Install spec uses a brew formula (porteden/tap/porteden) or go install for github.com/porteden/cli — both are standard package sources. No arbitrary URL downloads or extract-from-untrusted-host steps are present.
Credentials
Only PE_API_KEY (primary) and optional PE_PROFILE/PE_FORMAT/PE_COLOR/PE_VERBOSE are declared. These are proportional to a CLI that can use an API key and profile settings. No unrelated cloud credentials or broad secrets are requested.
Persistence & Privilege
Skill is not always-enabled and does not request system-wide config changes. It notes credentials persist in the system keyring (expected for CLI auth) and does not declare access to other skills' configs or elevated platform privileges.
Assessment
This skill appears coherent with its purpose, but before installing: - Verify the upstream sources: confirm porteden.com, the brew tap (porteden/tap), and the GitHub module (github.com/porteden/cli) are the legitimate project repos. - Understand auth: the CLI can use a PE_API_KEY or browser OAuth stored in your system keyring; prefer least-privilege API keys and check what scopes the key grants (Drive read/write). - Be cautious with --ops-file: the CLI will read any file you point it at. Do not pass paths that contain secrets or unrelated sensitive data. - Confirm sharing/deletion prompts: the tool can share or move docs to trash; follow the advice to confirm before using share or delete commands. - Installing adds a new binary to your system; inspect the package or source if you require stronger assurance (review the brew formula and the GitHub repo). - Monitor Google account audit logs and rotate credentials if you stop using the CLI. If you want more assurance, provide the brew formula URL or the GitHub repo so I can highlight exact files/commands to inspect.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bj87efjc817dy4r73b1f3ks8353yk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📄 Clawdis
Binsporteden
EnvPE_API_KEY
Primary envPE_API_KEY

Install

Install porteden (brew)
Bins: porteden
brew install porteden/tap/porteden
Install porteden (go)
Bins: porteden
go install github.com/porteden/cli/cmd/porteden@latest

Comments