← Back to Skills Marketplace
644
Downloads
1
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install praxis-gws
Description
Google Workspace CLI for Gmail, Calendar, and Drive. Official Google APIs wrapper for secure, direct API access without third-party proxies. Use when managin...
Usage Guidance
This CLI largely does what it claims, but take these precautions before installing or running it: (1) inspect the included script yourself — pay attention to the line that requires googleapis from a global path (it forces a global installation and could load a tampered global package); (2) ensure Node.js is installed and consider installing dependencies locally rather than globally, or modify the script to require('googleapis') normally; (3) create a dedicated Google Cloud project and OAuth client for this tool and review the OAuth consent screen before clicking through 'unverified app' warnings; (4) be aware tokens/credentials will be stored under ~/.config/praxis-gws — protect or isolate that directory; (5) prefer running this in an isolated account/container if you cannot verify the source; and (6) higher confidence would require a trusted source URL, publisher identity, or an install spec that doesn't rely on global modules.
Capability Analysis
Type: OpenClaw Skill
Name: praxis-gws
Version: 1.0.0
The skill is classified as suspicious due to its broad API permissions and the direct passing of user/agent-controlled input to powerful Google Workspace APIs without explicit sanitization within the skill's code. While the `SKILL.md` documentation is benign and the `scripts/praxis-gws.js` code uses official libraries and performs legitimate file operations for configuration, the combination of `gmail.modify`, `calendar`, and `drive.readonly` scopes allows for significant actions (sending emails, managing calendars, reading drive files). This makes the skill a powerful tool that could be abused by a prompt-injected AI agent to perform harmful actions via API abuse, such as sending phishing emails or searching for sensitive documents, even though the skill itself does not exhibit malicious intent.
Capability Assessment
Purpose & Capability
The script's behavior (Gmail, Calendar, Drive operations) matches the skill description and required OAuth scopes. However the registry metadata claims no required binaries while the SKILL.md and code require Node.js and the 'googleapis' package; the description calling this the 'official' wrapper is ambiguous (it uses Google's official library, but the CLI itself is a third-party script).
Instruction Scope
SKILL.md instructions are focused on obtaining OAuth credentials, configuring the CLI, and using Gmail/Calendar/Drive commands. It explicitly tells the user how to run the OAuth flow and where tokens are stored. It does instruct the user to click through the 'unverified app' warning, which is a normal but security-sensitive step for unverified OAuth clients.
Install Mechanism
There is no formal install spec in registry metadata; SKILL.md recommends 'npm install -g googleapis' and the script loads googleapis via an absolute/global path (process.env.PREFIX || '/usr/local' + '/lib/node_modules/googleapis/...'). Relying on a global install and forcing a specific global path is fragile and unusual — it increases risk because global modules can be modified by other users/administrators and could cause the script to load a different package than expected.
Credentials
The script does not request unrelated credentials; it requires user-provided Google OAuth client credentials and stores tokens locally (~/.config/praxis-gws/token.json). The OAuth scopes (gmail.modify, calendar, drive.readonly) are broad but consistent with advertised features (sending/modifying mail, creating events, reading Drive). The skill uses environment variables PREFIX and HOME implicitly; these are not declared in metadata but are typical and not sensitive.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. It persists OAuth tokens and credentials under the user's home (~/.config/praxis-gws), which is expected. It does not modify other skills or system-wide configs beyond creating that directory.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install praxis-gws - After installation, invoke the skill by name or use
/praxis-gws - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Gmail, Calendar, Drive CLI using official Google APIs
Metadata
Frequently Asked Questions
What is Praxis Google Workspace?
Google Workspace CLI for Gmail, Calendar, and Drive. Official Google APIs wrapper for secure, direct API access without third-party proxies. Use when managin... It is an AI Agent Skill for Claude Code / OpenClaw, with 644 downloads so far.
How do I install Praxis Google Workspace?
Run "/install praxis-gws" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Praxis Google Workspace free?
Yes, Praxis Google Workspace is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Praxis Google Workspace support?
Praxis Google Workspace is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Praxis Google Workspace?
It is built and maintained by JFab68 (@jfab68); the current version is v1.0.0.
More Skills