← Back to Skills Marketplace
eladrave

google-workspace-rave

by eladrave · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
113
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install google-workspace-rave
Description
Manage Google Workspace via the `gws` CLI — Drive, Gmail, Calendar, Sheets, Docs, Chat, Admin, Tasks, Meet, Slides, Forms, Contacts, and every other Workspac...
README (SKILL.md)

Google Workspace Skill

Operate all Google Workspace services through the gws CLI from OpenClaw.

Prerequisites

  • Node.js 18+
  • A Google Cloud project with OAuth credentials
  • gws CLI installed: npm install -g @googleworkspace/cli

Authentication

First-Time Setup & Authentication Workflow (For the Agent)

When a user wants to start using this skill or if credentials are missing, you (the AI agent) MUST follow this specific authentication workflow:

  1. Ask for client_secret.json: Prompt the user to provide their Google Cloud OAuth client_secret.json. They can either upload the file or paste its contents into the chat. Once they do, save it as credentials.json in the workspace.
  2. Explain the Flow: Once you have the file, explain to the user exactly how the auth will work:

    "I have saved your credentials. I am now going to start the authentication process. I'll provide you with a Google login link. You'll need to click it, authorize your account, and then your browser will redirect to a blank http://localhost... page. Copy that full localhost URL and paste it back to me here!"

  3. Run Authentication: Run gws auth login in the background (using your exec tool). Extract the generated Google OAuth URL from the output and send it to the user.
  4. Complete Handshake: When the user replies with the http://localhost... callback URL, use curl to fetch that exact URL. This completes the local webserver handshake for gws. Confirm successful authentication with the user.

Alternative: First-time setup (machine with browser)

gws auth setup        # creates GCP project, enables APIs, logs in
gws auth login -s drive,gmail,sheets,calendar   # pick services you need

Alternative: Headless server (no browser) - PREFERRED MANUAL METHOD

Complete auth on a machine with a browser, then export:

gws auth export --unmasked > credentials.json

Security notes:

  • Set file permissions: chmod 600 credentials.json
  • Do not commit credential files to git — add credentials.json to your .gitignore
  • For production environments, prefer using a service account instead of user credentials

On the headless server:

export GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE=/path/to/credentials.json

Service account

export GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE=/path/to/service-account.json

Pre-obtained token

export GOOGLE_WORKSPACE_CLI_TOKEN=$(gcloud auth print-access-token)

Priority: Token env > Credentials file env > gws auth login store > plaintext file.

Command Pattern

gws \x3Cservice> \x3Cresource> \x3Cmethod> [--params '{}'] [--json '{}'] [flags]

All responses are structured JSON. Use jq for extraction.

Global Flags

Flag Purpose
--dry-run Preview request without executing
--page-all Stream all pages as NDJSON
--fields 'a,b' Select response fields
--output table Table output for humans

Discover commands

gws --help              # list all services
gws drive --help        # list resources in a service
gws drive files --help  # list methods on a resource
gws schema drive.files.list  # full request/response schema

Common Operations

Drive

# List recent files
gws drive files list --params '{"pageSize": 10}'

# Search files
gws drive files list --params '{"q": "name contains '\''report'\''", "pageSize": 20}'

# Upload a file
gws drive +upload ./report.pdf

# Download a file
gws drive files get --params '{"fileId": "FILE_ID", "alt": "media"}' > output.pdf

# Create a folder
gws drive files create --json '{"name": "Project", "mimeType": "application/vnd.google-apps.folder"}'

# Share a file
gws drive permissions create \
  --params '{"fileId": "FILE_ID"}' \
  --json '{"role": "reader", "type": "user", "emailAddress": "[email protected]"}'

# List all pages
gws drive files list --params '{"pageSize": 100}' --page-all | jq -r '.files[].name'

Gmail

# List inbox messages
gws gmail users-messages list --params '{"userId": "me", "maxResults": 10}'

# Read a message
gws gmail users-messages get --params '{"userId": "me", "id": "MSG_ID"}'

# Send an email
gws gmail users-messages send \
  --params '{"userId": "me"}' \
  --json '{"raw": "BASE64_ENCODED_EMAIL"}'

# Search messages
gws gmail users-messages list --params '{"userId": "me", "q": "from:[email protected] is:unread"}'

# List labels
gws gmail users-labels list --params '{"userId": "me"}'

# Create a filter
gws gmail users-settings-filters create \
  --params '{"userId": "me"}' \
  --json '{"criteria": {"from": "[email protected]"}, "action": {"addLabelIds": ["LABEL_ID"], "removeLabelIds": ["INBOX"]}}'

Calendar

# List upcoming events
gws calendar events list --params '{"calendarId": "primary", "timeMin": "2026-01-01T00:00:00Z", "maxResults": 10, "orderBy": "startTime", "singleEvents": true}'

# Create an event
gws calendar events insert \
  --params '{"calendarId": "primary"}' \
  --json '{"summary": "Team Sync", "start": {"dateTime": "2026-03-07T10:00:00+08:00"}, "end": {"dateTime": "2026-03-07T11:00:00+08:00"}, "attendees": [{"email": "[email protected]"}]}'

# Delete an event
gws calendar events delete --params '{"calendarId": "primary", "eventId": "EVENT_ID"}'

# Find free/busy slots
gws calendar freebusy query \
  --json '{"timeMin": "2026-03-07T00:00:00Z", "timeMax": "2026-03-07T23:59:59Z", "items": [{"id": "[email protected]"}]}'

Sheets

# Create a spreadsheet
gws sheets spreadsheets create --json '{"properties": {"title": "Q1 Budget"}}'

# Read cell values
gws sheets spreadsheets-values get --params '{"spreadsheetId": "SHEET_ID", "range": "Sheet1!A1:D10"}'

# Write values
gws sheets spreadsheets-values update \
  --params '{"spreadsheetId": "SHEET_ID", "range": "Sheet1!A1", "valueInputOption": "USER_ENTERED"}' \
  --json '{"values": [["Name", "Amount"], ["Rent", "2000"]]}'

# Append a row
gws sheets spreadsheets-values append \
  --params '{"spreadsheetId": "SHEET_ID", "range": "Sheet1!A1", "valueInputOption": "USER_ENTERED"}' \
  --json '{"values": [["New Item", "500"]]}'

Docs

# Create a document
gws docs documents create --json '{"title": "Meeting Notes"}'

# Get document content
gws docs documents get --params '{"documentId": "DOC_ID"}'

# Insert text (batchUpdate)
gws docs documents batchUpdate \
  --params '{"documentId": "DOC_ID"}' \
  --json '{"requests": [{"insertText": {"location": {"index": 1}, "text": "Hello World\
"}}]}'

Chat

# List spaces
gws chat spaces list

# Send a message
gws chat spaces messages create \
  --params '{"parent": "spaces/SPACE_ID"}' \
  --json '{"text": "Deploy complete ✅"}'

Tasks

# List task lists
gws tasks tasklists list

# List tasks
gws tasks tasks list --params '{"tasklist": "TASKLIST_ID"}'

# Create a task
gws tasks tasks insert \
  --params '{"tasklist": "TASKLIST_ID"}' \
  --json '{"title": "Review PR", "due": "2026-03-10T00:00:00Z"}'

Admin (Directory)

# List users
gws admin users list --params '{"domain": "example.com"}'

# Get user details
gws admin users get --params '{"userKey": "[email protected]"}'

Workflow Patterns

Pipeline: Find → Process → Act

# Find unread emails from boss, extract subjects
gws gmail users-messages list --params '{"userId": "me", "q": "from:boss is:unread"}' \
  | jq -r '.messages[].id' \
  | while read id; do
      gws gmail users-messages get --params "{\"userId\": \"me\", \"id\": \"$id\"}" \
        | jq -r '.payload.headers[] | select(.name=="Subject") | .value'
    done

Dry-run first

Always use --dry-run before destructive operations:

gws drive files delete --params '{"fileId": "FILE_ID"}' --dry-run

Tips

  • Use gws schema \x3Cmethod> to discover exact parameter names and types.
  • All commands accept --params for URL/query parameters and --json for request body.
  • Pipe through jq for field extraction in agent pipelines.
  • Use --page-all for full result sets with automatic pagination.
  • Credentials are encrypted at rest (AES-256-GCM) with OS keyring.

Recipes

For 50+ ready-made workflow recipes (label & archive emails, organize Drive folders, schedule meetings, etc.), see the official recipe library.

Disclaimer

The gws CLI is not an officially supported Google product. It is a community/experimental tool. Use at your own discretion, and refer to the upstream repository for license and support details.

Troubleshooting

Issue Fix
gws: command not found npm install -g @googleworkspace/cli
Auth fails / scope error gws auth login -s drive,gmail (pick specific services)
"Access blocked" on login Add yourself as test user in GCP OAuth consent screen
Headless server Export creds from a desktop, set GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE
Rate limited Add delays between calls, reduce pageSize
Usage Guidance
This skill appears to be a legitimate wrapper for the gws CLI, but exercise caution before installing or handing over credentials. Actions to consider before proceeding: - Verify provenance: the registry metadata, _meta.json, and README disagree on owner/slug/version and there is no homepage; prefer skills with clear, consistent provenance. - Prefer safer auth flows: do the OAuth handshake on a machine you control (desktop with browser), then export a limited credentials file or use a service account with narrowly scoped permissions rather than pasting client_secret.json into chat. - Minimize scope: when running `gws auth login`, request only the scopes you need instead of granting broad access. - Do not paste long-lived secrets or private keys into chat. If you must provide credentials, restrict file permissions (chmod 600), store them outside shared workspaces, and add them to .gitignore as advised. - Inspect the npm package (@googleworkspace/cli) on the upstream registry/GitHub to confirm it’s the expected project and review recent releases/maintainers. - Treat any localhost callback URL or token the agent receives as sensitive; assume it could be exposed if the agent or workspace is compromised. If you want to proceed but reduce risk: perform authentication locally, export the minimal credentials file, then set GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE in the target environment rather than uploading secrets through the agent.
Capability Analysis
Type: OpenClaw Skill Name: google-workspace-rave Version: 1.0.2 The skill provides extensive control over Google Workspace APIs by wrapping the `gws` CLI, requiring high-risk capabilities such as shell execution (`exec`) and network requests (`curl`). The `SKILL.md` file contains specific instructions for the AI agent to manage sensitive OAuth credentials and perform a manual authentication handshake by curling a user-provided URL. While these actions are plausibly needed for the stated purpose, the combination of broad access to private data (Gmail, Drive, etc.) and the requirement for the agent to handle raw credential files and perform unvalidated network calls constitutes a significant security risk.
Capability Assessment
Purpose & Capability
The name/description claim to wrap the official `gws` CLI and the skill declares the `gws` binary and installs @googleworkspace/cli via npm — this is consistent. However, package/metadata inconsistencies exist: the registry metadata (owner id, slug, version) does not match values in _meta.json and README, and there's no homepage. That mismatch suggests the skill may have been repackaged or modified without clear provenance.
Instruction Scope
SKILL.md explicitly instructs the agent to request the user's Google Cloud OAuth client_secret.json, save it to the workspace, run `gws auth login` (via exec), extract and forward the OAuth login URL, and then curl the localhost callback URL provided by the user to complete the handshake. Those steps are required to obtain OAuth tokens for workspace management, so they are within the skill's purpose — but they involve collecting and storing sensitive credentials and an auth callback URL (which encodes authorization data). The instructions give the agent direct, unsupervised authority to handle secrets and to perform network operations, which raises confidentiality and exfiltration risk.
Install Mechanism
Install uses npm to install @googleworkspace/cli and creates the `gws` binary. Using npm for a CLI wrapper is expected and traceable; this is a common and proportionate install method. Note that npm packages are a moderate-risk install vector compared with trusted package repos, so verifying package origin is prudent.
Credentials
The skill does not require unrelated environment variables or credentials beyond what the gws workflow reasonably needs (credentials file, token, or service account JSON). The SKILL.md documents optional env vars like GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE and token usage. Requiring or asking for OAuth client_secret.json and exported credentials is proportionate to the declared functionality but is sensitive and should be minimized (prefer service accounts or pre-provisioned credentials).
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It instructs the agent to write credentials.json into the workspace (its own working area), which is normal for credential-driven CLI usage, but storing credentials in the agent workspace increases the risk that other skills or logs could access them — consider filesystem protections and least-privilege practices.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install google-workspace-rave
  3. After installation, invoke the skill by name or use /google-workspace-rave
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Added explicit first-time setup & authentication workflow for AI agents
v1.0.1
Updated documentation to mark Headless server as the preferred method
v1.0.0
Initial publish under new name
Metadata
Slug google-workspace-rave
Version 1.0.2
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is google-workspace-rave?

Manage Google Workspace via the `gws` CLI — Drive, Gmail, Calendar, Sheets, Docs, Chat, Admin, Tasks, Meet, Slides, Forms, Contacts, and every other Workspac... It is an AI Agent Skill for Claude Code / OpenClaw, with 113 downloads so far.

How do I install google-workspace-rave?

Run "/install google-workspace-rave" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is google-workspace-rave free?

Yes, google-workspace-rave is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does google-workspace-rave support?

google-workspace-rave is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created google-workspace-rave?

It is built and maintained by eladrave (@eladrave); the current version is v1.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments