ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GOG Extended

v2.1.0

Extended Google Workspace CLI reference for Gmail, Calendar, Drive, Contacts, Sheets, and Docs. Includes complete email body retrieval, attachments, and adva...

0· 158·1 current·1 all-time
byEthan Yanjia Li@ethanyanjiali

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ethanyanjiali/gog-extended.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "GOG Extended" (ethanyanjiali/gog-extended) from ClawHub.
Skill page: https://clawhub.ai/ethanyanjiali/gog-extended
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install gog-extended

ClawHub CLI

Package manager switcher

npx clawhub@latest install gog-extended
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description align with the SKILL.md: everything is focused on the 'gog' CLI for Gmail, Calendar, Drive, Contacts, Sheets, and Docs. The actions requested (read full email bodies, attachments, send email, etc.) are consistent with that purpose.
Instruction Scope
The SKILL.md directs the agent to run many gog commands that retrieve full email bodies and attachments (sensitive data). This is expected for a Gmail-focused CLI, but it expands the blast radius: if an agent runs these commands with valid credentials it can access and exfiltrate complete mailbox contents. The docs also reference local files (client_secret.json) and an env var (GOG_ACCOUNT) that are not declared in the metadata; sample files and real email addresses appear in examples, which risks accidental leakage or misuse.
Install Mechanism
Instruction-only skill, no install spec and no code files to execute. This minimizes supply-chain risk, but it relies on the presence and trustworthiness of an external 'gog' binary which the agent/user must already have installed.
Credentials
Registry metadata declares no required env vars or credentials, yet SKILL.md uses GOG_ACCOUNT and instructs use of a client_secret.json OAuth file and gog auth commands. The requested env/config access is proportionate to the described CLI purpose, but the metadata omission is an inconsistency and examples include real-looking personal email addresses (possible privacy leak).
Persistence & Privilege
Skill does not request permanent presence (always:false). There is no install or persistent agent modification described. Autonomous invocation is allowed (platform default) but not combined with other high-risk factors here.
What to consider before installing
This skill appears to be a coherent CLI reference for the 'gog' Google Workspace tool, but consider the following before installing or enabling it: 1) The skill instructs the agent to fetch full email bodies and attachments — only enable it if you trust the agent/context and the gog CLI binary it will call. 2) The SKILL.md expects a local OAuth client_secret.json and an env var (GOG_ACCOUNT) even though metadata lists no required credentials — make sure you know where those files/values come from and never expose shared/production credentials. 3) Examples in the references include real-looking personal email addresses — treat these as potential privacy leaks and remove or replace with placeholders. 4) Verify the origin and integrity of the 'gog' CLI (homepage/repo referenced in package.json) before granting it access to accounts. 5) If you do not want the agent to autonomously run mailbox-reading commands, restrict the skill from autonomous invocation or only use it in tightly controlled sessions. If you want a firmer assessment, provide the actual gog binary/source or more info about the skill publisher so provenance can be validated.

Like a lobster shell, security has layers — review code before you run it.

automationvk971namtfj9svff7d52vbattdx83xyy7emailvk971namtfj9svff7d52vbattdx83xyy7gmailvk971namtfj9svff7d52vbattdx83xyy7googlevk971namtfj9svff7d52vbattdx83xyy7latestvk971namtfj9svff7d52vbattdx83xyy7
158downloads
0stars
2versions
Updated 4w ago
v2.1.0
MIT-0
Ethan Yanjia Li@ethanyanjiali
automationemailgmailgooglelatest
Download

gog-extended

Complete reference for the gog CLI with focus on advanced Gmail operations (full email bodies, attachments, complex searches).

Setup (one-time)

gog auth credentials /path/to/client_secret.json
gog auth add you@gmail.com --services gmail,calendar,drive,contacts,docs,sheets
gog auth list

Gmail Operations

Search & Browse

  • Search threads (one row per thread):

    gog gmail search 'newer_than:7d' --max 10
gog gmail search 'from:sender@example.com' --max 20

  • Search individual messages (ignores threading, returns all matches):

    gog gmail messages search "in:inbox from:ryanair.com" --max 20 --account you@example.com
gog gmail messages search 'subject:invoice' --max 50

Read Full Email Content (Critical for Automation)

This is the key difference from basic search — retrieve the complete email body, headers, and content:

# Full email with HTML body (recommended for parsing and automation)
gog gmail get <messageId> --format=full --account you@example.com

# Metadata only (faster, no body)
gog gmail get <messageId> --format=metadata --account you@example.com

# Raw RFC 2822 format (MIME encoded)
gog gmail get <messageId> --format=raw --account you@example.com

Recommendation: Use --format=full (default) which returns HTML-formatted email bodies. HTML preserves structure, links, and formatting better than raw RFC 2822, making it easier to parse and extract data programmatically.

Example workflow (extracting order details from email):

# 1. Find the message
gog gmail messages search 'from:order@example.com subject:confirmation' --max 1 --account you@example.com

# 2. Extract the message ID from results
# 3. Read full content (returns HTML body for easy parsing)
gog gmail get <messageId> --format=full --account you@example.com

# 4. Parse HTML for data (grep, sed, or HTML parser)
gog gmail get <messageId> --format=full --account you@example.com | grep -i "order\|price\|quantity"

The HTML format makes it easier to identify structure (tables, divs, links) and extract data without dealing with raw MIME encoding.

Download Attachments

gog gmail attachment <messageId> <attachmentId>

Get attachment IDs from gog gmail get <messageId> --format=full output.

Send Emails

  • Plain text:

    gog gmail send --to a@b.com --subject "Hi" --body "Hello"

  • Multi-line (via file):

    gog gmail send --to a@b.com --subject "Hi" --body-file ./message.txt

  • Multi-line (via stdin):

    gog gmail send --to a@b.com --subject "Hi" --body-file - <<'EOF'
Hi there,

This is a test.

Cheers
EOF

  • HTML:

    gog gmail send --to a@b.com --subject "Hi" --body-html "<p>Hello</p>"

Drafts

gog gmail drafts create --to a@b.com --subject "Hi" --body-file ./message.txt
gog gmail drafts send <draftId>

Reply to Messages

gog gmail send --to a@b.com --subject "Re: Hi" --body "Reply" --reply-to-message-id <msgId>

Gmail History (Last Changes)

gog gmail history --max 100

Gmail URL Links

gog gmail url <threadId> ...

Prints direct Gmail web URLs.

Calendar Operations

List Events

gog calendar events <calendarId> --from 2026-01-01T00:00:00Z --to 2026-12-31T23:59:59Z

Create Event

gog calendar create <calendarId> --summary "Meeting" --from 2026-03-30T10:00:00Z --to 2026-03-30T11:00:00Z

With color (IDs 1–11):

gog calendar create <calendarId> --summary "Important" --from 2026-03-30T10:00:00Z --to 2026-03-30T11:00:00Z --event-color 4

Update Event

gog calendar update <calendarId> <eventId> --summary "New Title" --event-color 7

View Color Palette

gog calendar colors

Color IDs:

  • 1: #a4bdfc (blue)
  • 2: #7ae7bf (teal)
  • 3: #dbadff (purple)
  • 4: #ff887c (red)
  • 5: #fbd75b (yellow)
  • 6: #ffb878 (orange)
  • 7: #46d6db (cyan)
  • 8: #e1e1e1 (gray)
  • 9: #5484ed (dark blue)
  • 10: #51b749 (green)
  • 11: #dc2127 (dark red)

Drive Operations

gog drive search "filename:report.pdf" --max 10
gog drive search "in:starred" --max 20

Contacts

gog contacts list --max 20
gog contacts list --max 50 --json

Sheets

Read Data

gog sheets get <sheetId> "Tab!A1:D10" --json
gog sheets metadata <sheetId> --json

Update Data

gog sheets update <sheetId> "Tab!A1:B2" --values-json '[["A","B"],["1","2"]]' --input USER_ENTERED

Append Data

gog sheets append <sheetId> "Tab!A:C" --values-json '[["x","y","z"]]' --insert INSERT_ROWS

Clear Data

gog sheets clear <sheetId> "Tab!A2:Z"

Docs

Export

gog docs export <docId> --format txt --out /tmp/doc.txt
gog docs export <docId> --format pdf --out /tmp/doc.pdf

Read (cat)

gog docs cat <docId>

Advanced Flags

Common Flags

  • --account you@gmail.com — Target specific account (required when multiple accounts configured)
  • --json — Output JSON (best for scripting)
  • --plain — Stable TSV format (no colors)
  • --dry-run — Preview changes without executing
  • --force — Skip confirmations
  • --no-input — Never prompt (useful for CI/automation)
  • --verbose — Enable verbose logging

Environment Variable

Avoid repeating --account by setting:

export GOG_ACCOUNT=you@gmail.com

Then:

gog gmail search 'newer_than:7d'  # Uses GOG_ACCOUNT automatically

Gmail Query Syntax

Powerful search operators for gog gmail search and gog gmail messages search:

  • newer_than:7d — Last 7 days
  • before:2026-03-30 — Before date
  • after:2026-03-20 — After date
  • from:sender@example.com — From specific sender
  • to:recipient@example.com — To specific recipient
  • subject:keywords — Subject contains
  • in:inbox — In inbox (also: sent, draft, starred, important)
  • is:unread — Unread messages
  • has:attachment — Has attachment
  • filename:document.pdf — Attachment name
  • label:custom_label — Custom labels

Complex queries:

gog gmail search 'from:billing@example.com subject:invoice after:2026-03-01'
gog gmail search 'in:inbox is:unread has:attachment'

Notes

  • Search vs Messages: gog gmail search returns one row per thread; use gog gmail messages search when you need every individual email.
  • Multi-account: When multiple accounts are configured, always specify --account email@domain.com.
  • Token efficiency: For scripting, use --json output and parse programmatically.
  • Email body extraction: Use gog gmail get <messageId> --format=full to retrieve complete email content (critical for automation like order tracking, invoice extraction, etc.).
  • Docs are read-only in gog: In-place edits require a separate Docs API client; gog supports export and read-only operations.

Comments

Loading comments...