Google Business Review Responder

v1.0.0

Monitors new Google Business reviews, drafts tailored responses sent via Telegram for operator approval before posting publicly.

⭐ 0· 91·0 current·0 all-time

by@chris-openclaw

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for chris-openclaw/google-review-responder.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Google Business Review Responder" (chris-openclaw/google-review-responder) from ClawHub.
Skill page: https://clawhub.ai/chris-openclaw/google-review-responder
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install google-review-responder

ClawHub CLI

Package manager switcher

npx clawhub@latest install google-review-responder

Security Scan

Capability signals

Requires OAuth token

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

ℹ

Purpose & Capability

The name/description (monitor GBP reviews, draft replies, and send via Telegram for approval) matches the code: gbp_reviews.py polls Google APIs and can post replies. The skill legitimately needs OAuth client credentials and refresh tokens saved per-client. One mismatch: there is no built-in Telegram integration in the code—SKILL.md expects the OpenClaw agent to send the draft messages via an existing Telegram channel. This is a design choice (agent handles messaging) but worth noting.

✓

Instruction Scope

SKILL.md instructs the agent to run the included scripts, save pending review JSON files, send drafts via Telegram, and only post after operator approval. The code only accesses client config files and Google APIs and writes pending and log files in its workspace; it does not read unrelated system files or exfiltrate data to unknown endpoints. HIPAA rules are explicitly included in the guidelines.

✓

Install Mechanism

No install spec is provided (instruction-only skill). The included Python scripts declare standard pip dependencies (google-auth, google-auth-oauthlib, requests, Flask optionally). There are no downloads from untrusted URLs or unusual install steps in the package.

ℹ

Credentials

The skill does not request environment variables but does require per-client OAuth credentials (oauth_client_id, oauth_client_secret, and long-lived refresh_token) stored in clients/*.json. Those credentials are sensitive but are necessary for the stated purpose. Ensure you understand that refresh tokens allow ongoing API access until revoked and are saved in plaintext files by the scripts.

✓

Persistence & Privilege

Skill does not set always:true and does not alter other skills. It will create files in its workspace (clients/, pending/, review_log.json) which is normal for its function. Note: the platform's autonomous invocation (default) could run the 'check' flow on heartbeat; the skill and scripts rely on operator approval before calling the reply flow—if an agent or operator misconfigures automation to call the reply command without approval, replies could be posted. That is operational risk, not intrinsic malicious behavior in the skill.

Assessment

This package is coherent for managing Google Business reviews, but review the following before installing: - OAuth credentials and refresh tokens: The skill requires storing oauth_client_id, oauth_client_secret, and a long-lived refresh_token per client in plaintext files under the skill workspace (clients/*.json). Treat these as sensitive: restrict filesystem access, use correct permissions, and rotate/revoke tokens if compromised. - Telegram messaging: The scripts do NOT send Telegram messages themselves—you must have OpenClaw configured to send the drafted messages and to enforce the manual approval step. Verify your agent's heartbeat/automation will not auto-run the 'reply' command without human confirmation. - OAuth server: oauth_server.py is a convenience to capture refresh tokens remotely. If you expose it on a public VPS, run it under HTTPS and secure the server; by default the code sets OAUTHLIB_INSECURE_TRANSPORT to allow HTTP which is insecure. Prefer get_client_token.py run locally if you cannot secure a web server. - File writes: The skill creates pending/ and review_log.json in its workspace. Ensure the workspace location is appropriate and protected; do not place it in a path readable by untrusted users or bots. - Verify code yourself: This is a community-provided skill (source unknown). If you plan to run it in production, audit the Python code and consider storing tokens in a secret manager rather than plaintext files. If you trust the source and follow the operational cautions above (secure storage, HTTPS for onboarding server, agent-level checks to prevent auto-posting), the package is appropriate for its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

business-profilevk97fweqwpt8wzgaz2sz71vgck584q11egbpvk97fweqwpt8wzgaz2sz71vgck584q11egooglevk97fweqwpt8wzgaz2sz71vgck584q11ehipaavk97fweqwpt8wzgaz2sz71vgck584q11elatestvk97fweqwpt8wzgaz2sz71vgck584q11ereviewsvk97fweqwpt8wzgaz2sz71vgck584q11etelegramvk97fweqwpt8wzgaz2sz71vgck584q11e

91downloads

0stars

1versions

Updated 2w ago

v1.0.0

MIT-0

Skill: Google Business Review Responder

Description

Automatically monitors Google Business Profile reviews for clients, drafts professional responses, and sends them via Telegram for approval before posting.

Trigger

This skill activates during heartbeat checks and when the operator replies to a review approval message.

Review Check Flow (Heartbeat)

Run the review check script for each configured client:

python3 ~/review-responder/gbp_reviews.py check --client <client_id>

For each new unanswered review found, draft a response following the Response Guidelines below.
Send the draft to the operator via Telegram in this format:

📝 New Review for [Business Name]

⭐ [star_rating] from [reviewer_name]
💬 "[review comment]"

My draft reply:
"[your drafted response]"

Reply OK to post, or send your edits.
(Review ID: [review_id] | Client: [client_id])

Do NOT post the reply automatically. Wait for operator approval.

Approval Flow (Chat)

When the operator replies to a review draft:

"OK" or "post it" or "send it" or "approved": Post the draft as-is using:
```
python3 ~/review-responder/gbp_reviews.py reply --client <client_id> --review <review_id> --reply "the approved response"
```
Confirm once posted: "Done -- reply posted for [reviewer_name]'s review."
Edited text: If the operator sends replacement text (anything that isn't a simple approval), use their text as the reply instead. Confirm before posting: "Got it -- posting your version now."
"Skip" or "ignore": Do not reply to that review. Remove it from pending.

Response Guidelines

Tone Principles

Warm, professional, and human -- not corporate or robotic
Specific to what the reviewer said (never generic "thanks for your review!")
Concise: 2-4 sentences max
Match the energy of the review without being over the top

By Star Rating

5 Stars:

Thank them warmly and reference something specific they mentioned
Reinforce what they loved ("We're glad [specific thing] made a difference")
End with a light invitation to return or share with others
Keep it brief -- don't overdo it on a great review

4 Stars:

Thank them and acknowledge specific positives
If they mentioned something that could improve, acknowledge it gracefully without being defensive
Show you're listening: "We appreciate the feedback on [topic] and are always looking to improve"

3 Stars:

Thank them for taking the time
Acknowledge both the positives and the concern
Show genuine interest in making it right: "We'd love the chance to do better next time"
Optionally invite them to reach out directly

1-2 Stars:

Lead with empathy, not defensiveness: "We're sorry to hear this wasn't the experience you deserved"
Acknowledge the specific issue without making excuses
Offer a path forward: invite them to contact the business directly
Keep it short and dignified -- do not argue or over-explain
Never blame the reviewer or question their experience

HIPAA Compliance (CRITICAL)

NEVER reference or confirm any medical conditions, diagnoses, treatments, medications, or health details -- even if the reviewer mentioned them in their review
NEVER confirm or deny that someone is or was a patient
Keep responses general: "your experience," "your visit," "your care" -- not "your diagnosis" or "your treatment"
If a reviewer shares health details in their review, do NOT reference those specifics in the reply. Respond to the sentiment and experience only.
When inviting someone to follow up, use "please contact our office" -- never suggest discussing their "case" or "medical records"
This applies to ALL star ratings, positive and negative

Things to Avoid

Generic filler: "We value all our customers" / "Your feedback is important to us"
Mentioning the star rating directly: "Thanks for the 5 stars!"
Being defensive about negative reviews
Making promises the business can't keep
Using the reviewer's full name unless they used it in their review
Emojis (unless the business brand is very casual and the operator approves it)
Referencing any health information, even if the patient shared it publicly (HIPAA)

Checking Pending Reviews

To see what's waiting for approval:

python3 ~/review-responder/gbp_reviews.py pending

Dependencies

Python 3 with: google-auth, google-auth-oauthlib, requests
Client config files in ~/review-responder/clients/
Telegram channel connected for approval messages

Comments

Loading comments...