← Back to Skills Marketplace
896
Downloads
0
Stars
4
Active Installs
1
Versions
Install in OpenClaw
/install google-gog
Description
OAuth token refresh management for Google APIs via gog CLI.
README (SKILL.md)
Google Services (gog CLI)
Configuration
- Account:
[email protected] - Credentials:
~/.openclaw/credentials/client_secret.json - Token Storage: OS Keyring (auto-encrypted)
Refresh Token Lifecycle
Tokens auto-refresh transparently on API calls. No action needed.
If token invalid:
gog auth add [email protected] --services gmail,drive,calendar --manual --force-consent
For automation (cron/headless):
export GOG_KEYRING_BACKEND=file
export GOG_KEYRING_PASSWORD=\x3Cpassword>
gog auth list --check # Check token validity and expiration
Quick Commands
# Gmail: send, search
gog gmail send [email protected] --subject "Hi" --body "Message"
gog gmail search "newer_than:7d"
# Drive: list, upload, download
gog drive ls /
gog drive upload file.txt /
gog drive download /file.txt ./output.txt
# Check token health
gog auth list --check
Usage Guidance
This skill's instructions expect you to already have the 'gog' CLI, a client_secret.json at ~/.openclaw/credentials, and to set a keyring password via GOG_KEYRING_PASSWORD, but none of those are listed in the metadata — that's the main inconsistency. Before installing or running commands: 1) Verify the origin and integrity of the gog CLI binary (don't run unknown binaries). 2) Replace the hardcoded email and credentials path with your own account and your own client_secret.json; do not use the embedded account. 3) Avoid exporting secrets in plaintext environment variables when possible; prefer native OS keyrings and documented secure workflows. 4) Confirm what 'gog' does with stored tokens (network endpoints it contacts) to ensure no unexpected exfiltration. 5) Ask the skill author to update the metadata to declare required binaries, config paths, and env vars (or provide an installer) so you can audit dependencies. If you can't verify these points, run the tool in a sandboxed or isolated environment rather than on production data.
Capability Analysis
Type: OpenClaw Skill
Name: google-gog
Version: 1.0.0
The skill bundle provides instructions for using the `gog` CLI tool to manage Google API OAuth tokens and interact with Google services like Gmail and Drive. All commands and configurations described in `SKILL.md` are standard operations for such a tool, including specifying credential paths (`~/.openclaw/credentials/client_secret.json`) and token storage mechanisms. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to mislead the agent into performing harmful or unauthorized actions. The content is aligned with the stated purpose of managing Google services.
Capability Assessment
Purpose & Capability
The skill claims to manage Google OAuth tokens via the 'gog' CLI, which is a coherent purpose, but the registry metadata declares no required binaries, env vars, or config paths. The SKILL.md clearly expects the 'gog' binary, a credentials file (~/.openclaw/credentials/client_secret.json), and a keyring backend — these are missing from the declared requirements.
Instruction Scope
The runtime instructions tell the agent/user to run gog commands that will read a local credentials file and to export GOG_KEYRING_PASSWORD for headless operation. Those instructions reference reading local config and setting secret-bearing env vars that are outside the declared scope. The SKILL.md also hardcodes a specific email account ([email protected]), which is unexpected and could mislead users into reusing someone else's identity or credentials.
Install Mechanism
There is no install spec (instruction-only), which reduces the risk of arbitrary code being downloaded. However, this also means the skill implicitly depends on the host having the 'gog' CLI and a keyring available — dependencies that should be declared but are not.
Credentials
The SKILL.md instructs exporting GOG_KEYRING_PASSWORD and references a credentials JSON path, but the metadata lists no required env vars or config paths. Requesting a password via environment and recommending a file keyring backend (GOG_KEYRING_BACKEND=file) can expose secrets if not used carefully; these sensitive requirements should be explicitly declared and justified.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It instructs storing tokens in the OS keyring (normal for credential tools) and does not ask to modify other skills or global agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install google-gog - After installation, invoke the skill by name or use
/google-gog - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Google Services (gog CLI) skill.
- Provides OAuth token refresh management for Google APIs using the gog CLI.
- Supports Gmail, Drive, and Calendar via straightforward CLI commands.
- Tokens are auto-refreshed and securely stored in the OS keyring.
- Includes instructions for manual re-authentication and automation scenarios.
- Quick command examples available for common Gmail and Drive tasks.
Metadata
Frequently Asked Questions
What is Google Gog?
OAuth token refresh management for Google APIs via gog CLI. It is an AI Agent Skill for Claude Code / OpenClaw, with 896 downloads so far.
How do I install Google Gog?
Run "/install google-gog" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Google Gog free?
Yes, Google Gog is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Google Gog support?
Google Gog is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Google Gog?
It is built and maintained by herry3zz (@herry3zz); the current version is v1.0.0.
More Skills