← Back to Skills Marketplace
googleworkspace-bot

Gws Cloudidentity

by googleworkspace-bot · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
283
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install gws-cloudidentity
Description
Google Cloud Identity: Manage identity groups and memberships.
README (SKILL.md)

cloudidentity (v1)

PREREQUISITE: Read ../gws-shared/SKILL.md for auth, global flags, and security rules. If missing, run gws generate-skills to create it.

gws cloudidentity \x3Cresource> \x3Cmethod> [flags]

API Resources

customers

  • userinvitations — Operations on the 'userinvitations' resource

devices

  • cancelWipe — Cancels an unfinished device wipe. This operation can be used to cancel device wipe in the gap between the wipe operation returning success and the device being wiped. This operation is possible when the device is in a "pending wipe" state. The device enters the "pending wipe" state when a wipe device command is issued, but has not yet been sent to the device. The cancel wipe will fail if the wipe command has already been issued to the device.
  • create — Creates a device. Only company-owned device may be created. Note: This method is available only to customers who have one of the following SKUs: Enterprise Standard, Enterprise Plus, Enterprise for Education, and Cloud Identity Premium
  • delete — Deletes the specified device.
  • get — Retrieves the specified device.
  • list — Lists/Searches devices.
  • wipe — Wipes all data on the specified device.
  • deviceUsers — Operations on the 'deviceUsers' resource

groups

  • create — Creates a Group.
  • delete — Deletes a Group.
  • get — Retrieves a Group.
  • getSecuritySettings — Get Security Settings
  • list — Lists the Group resources under a customer or namespace.
  • lookup — Looks up the resource name of a Group by its EntityKey.
  • patch — Updates a Group.
  • search — Searches for Group resources matching a specified query.
  • updateSecuritySettings — Update Security Settings
  • memberships — Operations on the 'memberships' resource

inboundOidcSsoProfiles

  • create — Creates an InboundOidcSsoProfile for a customer. When the target customer has enabled Multi-party approval for sensitive actions, the Operation in the response will have "done": false, it will not have a response, and the metadata will have "state": "awaiting-multi-party-approval".
  • delete — Deletes an InboundOidcSsoProfile.
  • get — Gets an InboundOidcSsoProfile.
  • list — Lists InboundOidcSsoProfile objects for a Google enterprise customer.
  • patch — Updates an InboundOidcSsoProfile. When the target customer has enabled Multi-party approval for sensitive actions, the Operation in the response will have "done": false, it will not have a response, and the metadata will have "state": "awaiting-multi-party-approval".

inboundSamlSsoProfiles

  • create — Creates an InboundSamlSsoProfile for a customer. When the target customer has enabled Multi-party approval for sensitive actions, the Operation in the response will have "done": false, it will not have a response, and the metadata will have "state": "awaiting-multi-party-approval".
  • delete — Deletes an InboundSamlSsoProfile.
  • get — Gets an InboundSamlSsoProfile.
  • list — Lists InboundSamlSsoProfiles for a customer.
  • patch — Updates an InboundSamlSsoProfile. When the target customer has enabled Multi-party approval for sensitive actions, the Operation in the response will have "done": false, it will not have a response, and the metadata will have "state": "awaiting-multi-party-approval".
  • idpCredentials — Operations on the 'idpCredentials' resource

inboundSsoAssignments

  • create — Creates an InboundSsoAssignment for users and devices in a Customer under a given Group or OrgUnit.
  • delete — Deletes an InboundSsoAssignment. To disable SSO, Create (or Update) an assignment that has sso_mode == SSO_OFF.
  • get — Gets an InboundSsoAssignment.
  • list — Lists the InboundSsoAssignments for a Customer.
  • patch — Updates an InboundSsoAssignment. The body of this request is the inbound_sso_assignment field and the update_mask is relative to that. For example: a PATCH to /v1/inboundSsoAssignments/0abcdefg1234567&update_mask=rank with a body of { "rank": 1 } moves that (presumably group-targeted) SSO assignment to the highest priority and shifts any other group-targeted assignments down in priority.

policies

  • get — Get a policy.
  • list — List policies.

Discovering Commands

Before calling any API method, inspect it:

# Browse resources and methods
gws cloudidentity --help

# Inspect a method's required params, types, and defaults
gws schema cloudidentity.\x3Cresource>.\x3Cmethod>

Use gws schema output to build your --params and --json flags.

Usage Guidance
This skill delegates authentication to a sibling file ('../gws-shared/SKILL.md') or to running 'gws generate-skills' but does not declare any credential requirements. Before installing or invoking it, verify the source and trustworthiness of the 'gws' CLI and the 'gws-shared' artifacts: inspect the contents of ../gws-shared/SKILL.md (or the files generated by 'gws generate-skills') to see what credentials or tokens would be created or used. Only grant least-privilege Google IAM roles required for the specific operations you need (avoid owner/editor). If you cannot inspect the shared SKILL or the 'gws' binary comes from an unknown origin, run in a sandbox or decline installation. Be especially cautious because the CLI can perform destructive, high-privilege actions (deleting groups, wiping devices, modifying memberships).
Capability Analysis
Type: OpenClaw Skill Name: gws-cloudidentity Version: 1.0.0 The skill bundle is a standard documentation-based wrapper for the 'gws' CLI tool, specifically targeting Google Cloud Identity management. It provides instructions for an AI agent to manage groups, devices, and SSO profiles using structured commands (SKILL.md). There is no evidence of malicious intent, data exfiltration, or prompt injection attacks; the high-privilege operations described (e.g., device wiping, SSO configuration) are consistent with the stated administrative purpose of the tool.
Capability Assessment
Purpose & Capability
The skill is an instruction-only wrapper around the 'gws' CLI for Cloud Identity operations. Requiring the 'gws' binary is coherent with the description. However, the SKILL.md points to ../gws-shared/SKILL.md for auth/global flags/security rules — the skill does not declare any credentials itself, which is an unexpected delegation and creates an information gap about how auth is performed.
Instruction Scope
Instructions explicitly tell the agent to read a sibling file ('../gws-shared/SKILL.md') for auth and security rules and, if missing, to run 'gws generate-skills' to create it. That directs the agent to access and potentially create files outside the skill's folder (possible creation of auth/config artifacts). The rest of the SKILL.md guides the agent to run arbitrary 'gws cloudidentity <resource> <method> [flags]' commands which can perform highly privileged actions (delete groups, wipe devices, change memberships). The combination of file access instructions plus powerful CLI actions is broader than the skill's declared requirements alone imply.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is low risk in terms of on-disk installation by the skill itself. The only binary requirement is 'gws' which must already exist on PATH.
Credentials
The skill declares no required environment variables or primary credential, yet its prerequisite references an external shared SKILL.md for authentication. This is inconsistent: managing Cloud Identity requires authenticated Google credentials (OAuth, service account, or gcloud ADC). The skill gives no visibility into what credentials will be used, how they are created, or where they are stored.
Persistence & Privilege
always is false and there is no install that embeds the skill persistently. However, the instructions may cause the agent to generate or read a shared configuration file ('gws generate-skills' / '../gws-shared/SKILL.md'), which could create persistent auth/config artifacts on disk. Autonomous invocation is allowed (default) — combine that with unclear auth handling and powerful API actions to get elevated impact.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gws-cloudidentity
  3. After installation, invoke the skill by name or use /gws-cloudidentity
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of gws-cloudidentity skill - Provides CLI commands to manage Google Cloud Identity resources including groups, memberships, devices, and SSO profiles. - Supports actions such as create, get, list, delete, patch, and additional resource-specific operations. - Includes prerequisite instructions for authentication and security. - Offers command discovery via help and schema inspection tools. - Requires the `gws` CLI binary.
Metadata
Slug gws-cloudidentity
Version 1.0.0
License
All-time Installs 3
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Gws Cloudidentity?

Google Cloud Identity: Manage identity groups and memberships. It is an AI Agent Skill for Claude Code / OpenClaw, with 283 downloads so far.

How do I install Gws Cloudidentity?

Run "/install gws-cloudidentity" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Gws Cloudidentity free?

Yes, Gws Cloudidentity is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Gws Cloudidentity support?

Gws Cloudidentity is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Gws Cloudidentity?

It is built and maintained by googleworkspace-bot (@googleworkspace-bot); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments