Secure Google Sheets Access for OpenClaw by PortEden

v1.0.0

Secure Google Sheets Management - permission-based create, read, write, and append spreadsheet data, plus file management (share, permissions, rename, delete).

⭐ 0· 240·0 current·0 all-time

by@porteden

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description (Google Sheets management) match what the SKILL.md instructs (calls to a 'porteden' CLI for create/read/write/append/share/delete). Required binary 'porteden' and primary env var PE_API_KEY are appropriate and expected.

✓

Instruction Scope

Runtime instructions are limited to invoking the porteden CLI and its flags. They show expected actions (auth login, use PE_API_KEY, sheet and permission commands). The instructions do not ask the agent to read unrelated files/paths or exfiltrate data to unexpected endpoints.

ℹ

Install Mechanism

Install options are a Homebrew formula (porteden/tap/porteden) or go install from github.com/porteden/cli — both are normal for a CLI. Note: these will download and install third-party code; verify the tap and GitHub module ownership and review the upstream repo/release before installing.

✓

Credentials

Only PE_API_KEY (plus optional profile/format vars) is required, which is proportional for a third‑party Sheets CLI. The SKILL.md also notes credentials are stored in the system keyring — expected for a CLI but users should be aware of where tokens end up.

✓

Persistence & Privilege

always is false and the skill does not request persistent system-wide changes. It does rely on the porteden CLI storing credentials in the system keyring, which is standard for CLI auth and limited in scope to this tool.

Assessment

This skill is an instruction-only wrapper around the PortEden CLI and appears coherent. Before installing or using it: (1) verify the Homebrew tap and the GitHub module (github.com/porteden/cli) belong to the expected project and review recent releases; (2) prefer short-lived API tokens or least-privilege scopes (only enable driveAccessEnabled if needed); (3) be aware the CLI stores credentials in your system keyring — check where and who can access it; (4) when giving the agent permission to act, remember commands can share/rename/delete files — confirm any destructive actions. If you need higher assurance, inspect the upstream repository and formula before installation.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📊 Clawdis

Binsporteden

EnvPE_API_KEY

Primary envPE_API_KEY

Install

Install porteden (brew)

Bins: porteden

brew install porteden/tap/porteden

Install porteden (go)

Bins: porteden

go install github.com/porteden/cli/cmd/porteden@latest

latestvk97dt9ntp5n79vgpg5b7fgrn7h83470g

240downloads

0stars

1versions

Updated 2w ago

v1.0.0

MIT-0

porteden sheets

Use porteden sheets for Google Sheets data operations and file management. Use -jc flags for AI-optimized output.

If porteden is not installed: brew install porteden/tap/porteden (or go install github.com/porteden/cli/cmd/porteden@latest).

Setup (once)

Browser login (recommended): porteden auth login — opens browser, credentials stored in system keyring
Direct token: porteden auth login --token <key> — stored in system keyring
Verify: porteden auth status
If PE_API_KEY is set in the environment, the CLI uses it automatically (no login needed).
Drive access requires a token with driveAccessEnabled: true and a connected Google account with Drive scopes.

Sheets commands (`porteden sheets`)

Data operations

Create new spreadsheet: porteden sheets create --name "Q1 Budget"
Create in folder: porteden sheets create --name "Data" --folder google:0B7_FOLDER
Spreadsheet metadata (tabs, dimensions): porteden sheets info google:SHEETID -jc
Read cell range: porteden sheets read google:SHEETID --range "Sheet1!A1:C10" -jc
Read whole sheet: porteden sheets read google:SHEETID --range "Sheet1" -jc
Write cells (JSON): porteden sheets write google:SHEETID --range "Sheet1!A1:B2" --values '[["Name","Score"],["Alice",95]]'
Write cells (CSV string): porteden sheets write google:SHEETID --range "Sheet1!A1:B2" --csv "Name,Score\nAlice,95"
Write cells (CSV file): porteden sheets write google:SHEETID --range "Sheet1!A1" --csv-file ./data.csv
Append rows (JSON): porteden sheets append google:SHEETID --range "Sheet1!A:B" --values '[["Bob",87]]'
Append rows (CSV): porteden sheets append google:SHEETID --range "Sheet1!A:B" --csv "Bob,87"

File management

Get export links (xlsx, pdf, csv): porteden sheets download google:SHEETID -jc
Share: porteden sheets share google:SHEETID --type user --role writer --email user@example.com
Share publicly: porteden sheets share google:SHEETID --type anyone --role reader
List permissions: porteden sheets permissions google:SHEETID -jc
Rename: porteden sheets rename google:SHEETID --name "Q2 Budget"
Delete (trash): porteden sheets delete google:SHEETID -y

Range format

Full range: Sheet1!A1:C10
Whole sheet: Sheet1
Open-ended (for append): Sheet1!A:B

Notes

Credentials persist in the system keyring after login. No repeated auth needed.
Set PE_PROFILE=work to avoid repeating --profile.
-jc is shorthand for --json --compact: strips noise, limits fields, reduces tokens for AI agents.
File IDs are always provider-prefixed (e.g., google:1BxiMVs0XRA5...). Pass them as-is.
--values, --csv, and --csv-file are mutually exclusive — provide exactly one.
--csv inline: use \n as row separator (e.g., "Name,Score\nAlice,95\nBob,87").
--raw flag disables formula evaluation (values written literally, not parsed as formulas).
porteden sheets download returns URLs only — no binary content is streamed.
accessInfo in responses describes active token restrictions.
delete moves to trash (reversible). Files can be restored from Google Drive trash.
Confirm before sharing or deleting.
Environment variables: PE_API_KEY, PE_PROFILE, PE_FORMAT, PE_COLOR, PE_VERBOSE.

Comments

Loading comments...