Google Docs Skill
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: google-docs-skill
Version: 0.1.0
The OpenClaw skill bundle is designed for Google Docs API integration. It provides clear instructions and Python code examples for OAuth 2.0 authentication and API interactions. While it handles sensitive credentials (Google Client ID/Secret, Refresh Tokens) and performs network requests, these actions are standard for OAuth flows and API communication with legitimate Google endpoints (accounts.google.com, oauth2.googleapis.com, docs.googleapis.com). The `SKILL.md` documentation serves as functional instructions and does not contain any prompt injection attempts or malicious directives targeting the AI agent. All observed behaviors are directly aligned with the stated purpose of integrating with the Google Docs API.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with these tokens could use the granted Google Docs API permissions until the token is revoked.
The skill requires Google OAuth credentials, including a refresh token. This is expected for Google Docs integration, but it grants delegated account access and is not reflected in the registry credential metadata.
export GOOGLE_CLIENT_SECRET="your-client-secret"
export GOOGLE_REFRESH_TOKEN="your-refresh-token"
Use a dedicated OAuth client if possible, keep tokens out of chat and logs, store them only in a secure local environment, and revoke the refresh token when no longer needed.
Mistaken or overly broad instructions could modify the wrong Google document or insert unintended content.
The skill documents direct Google Docs batchUpdate calls, which can change document content. This matches the stated purpose but is a mutating account action.
f'https://docs.googleapis.com/v1/documents/{doc_id}:batchUpdate',
data=data,
method='POST'
Confirm the target document ID and requested edits before running update operations, and prefer small reversible changes.
Running copied code locally can expose OAuth codes or tokens if the code is modified or executed in an untrusted environment.
The one-time OAuth setup uses a local Python script that opens a browser and listens on localhost to capture the authorization code. This is standard OAuth plumbing and user-directed, not automatic installation behavior.
webbrowser.open(auth_url)
...
server = HTTPServer(('localhost', 8080), OAuthHandler)
Review the setup snippet before running it, run it only on a trusted machine, and ensure the redirect URI and token endpoint are Google's official endpoints.
