Google Workspace CLI
Review
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a real Google Workspace CLI helper, but it gives agents broad Google Drive/Docs/Sheets access through a stored OAuth token and an external npm CLI that are not fully surfaced in the registry metadata.
Review this before installing if you plan to connect a real Google account. Use a limited account or carefully scoped folders where possible, verify the OAuth scopes and npm package, and require confirmation before the agent writes, uploads, or creates Workspace content.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
After authentication, an agent using this skill may be able to read and modify Google Workspace files available to that Google account.
This shows the skill uses a persistent Google OAuth session. The provided registry metadata lists no primary credential and no config paths, so the account-access boundary is under-declared for a tool that can access My Drive and Shared Drives.
gw auth # Opens browser for Google sign-in ... Token stored at `~/.11x/gworkspace/token.json`.
Authenticate only with an account you intend the agent to use, check the Google consent scopes, prefer least-privilege accounts or folders, and revoke/logout when done.
A mistaken or over-eager agent action could create, upload, or change documents and spreadsheets, including shared business files.
These are mutating operations against Drive, Docs, and Sheets. They are purpose-aligned, but the instructions do not include explicit user-confirmation or scope-limiting guidance before writes/uploads.
gw drive upload ./file.pdf
gw doc append <id|url> "text"
gw sheet write <id|url> "A1:B2" '[["Name","Score"],["Alice","95"]]'
Require explicit user approval before write, append, upload, or create operations, and constrain actions to named file IDs, folders, or Shared Drives.
Installing the CLI runs and trusts external package code that will handle Google OAuth and Workspace operations.
The skill depends on an external, globally installed npm CLI. That is expected for this CLI-based skill, but the package version is not pinned and no CLI source code was included in the scanned artifacts.
install: npm i -g @11x.agency/gworkspace
Install from a trusted npm source, consider pinning or reviewing the package version, and verify that the npm package matches the advertised source repository.
