← Back to Skills Marketplace
🔌

Google Cloud STS

by OOMOL · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
29
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install oo-gcloud-sts
Description
Google Cloud STS (cloud.google.com). Use this skill for ANY Google Cloud STS request — searching and reading data. Whenever a task involves Google Cloud STS,...
README (SKILL.md)

Google Cloud STS

Operate Google Cloud STS through your OOMOL-connected account. This skill calls the gcloud_sts connector with the oo CLI; OOMOL injects credentials server-side, so you never handle raw tokens.

Category: Security & Identity, Developer Tools. Exposes 1 action(s).

Running an action

Assume the user has already installed the oo CLI, signed in, and connected Google Cloud STS. Do not run oo auth login or open the connection URL proactively — just run the action. Fall back to First-time setup only when a command actually fails with an auth or connection error.

1. Inspect the contract to get the authoritative input/output schema before building a payload:

oo connector schema "gcloud_sts" --action "\x3Caction_name>"

2. Run the action with a JSON payload that matches the input schema:

oo connector run "gcloud_sts" --action "\x3Caction_name>" --data '\x3Cjson>' --json
  • --data takes a JSON object string or @path/to/file.json; omit it to send {}.
  • The response is { "data": ..., "meta": { "executionId": "..." } }; the execution id lives under meta.executionId.

Each action below links to a reference file with its purpose and exact commands. Read the linked file, then fetch the live schema with oo connector schema before constructing --data.

Available actions

  • get_federated_access_token — Exchange the connected OOMOL OIDC token with Google Cloud Workload Identity Federation and return a Google Cloud access token.

Safety

  • Read actions (get / list / search) are safe to run directly.
  • Create, update, send, or post actions change Google Cloud STS state — confirm the exact payload and effect with the user before running.
  • Delete or remove actions are destructive — always confirm the target and get explicit approval first.

First-time setup

These are one-time steps — do not repeat them on every call. Run a step only when a command fails for the matching reason.

  • oo: command not found — install the oo CLI (other platforms: \x3Chttps://cli.oomol.com/install-guide.md>):

    curl -fsSL https://cli.oomol.com/install.sh | bash    # macOS / Linux

    irm https://cli.oomol.com/install.ps1 | iex           # Windows PowerShell

  • Not signed in / authentication error — sign in to your OOMOL account once:

    oo auth login

  • scope_missing / credential_expired / app_not_ready / app_not_found — Google Cloud STS is not connected, or the connection expired or lacks a scope. Connect once (auth type: federated) at:

    https://console.oomol.com/app-connections?provider=gcloud_sts

  • HTTP 402 / OOMOL_INSUFFICIENT_CREDIT — billing stop. Recharge at https://console.oomol.com/billing/token-recharge before retrying.

Resources

Usage Guidance
Install only if you intentionally want an agent to obtain Google Cloud federated access tokens through your OOMOL connection. Treat returned tokens as secrets, avoid logging or pasting them into unrelated tools, and verify the Google Cloud scopes, target project, and intended use before running the action.
Capability Tags
requires-oauth-tokenrequires-sensitive-credentials
Capability Assessment
Purpose & Capability
The stated purpose is Google Cloud STS federation, and the only action does exactly that: exchanges an OOMOL OIDC token for a Google Cloud access token. That capability is inherently high-impact because the returned token can authorize access to Google Cloud resources.
Instruction Scope
The skill says to use it for any Google Cloud STS request, including searching and reading data, while the only available action returns an access token. It also tells the agent to run the action directly and does not require explicit user confirmation before credential issuance.
Install Mechanism
The artifact is markdown-only and declares Bash access scoped to oo commands, with no bundled executable code. It does include first-time setup guidance using remote oo CLI install commands, but only as a fallback when the CLI is missing.
Credentials
Use of an OOMOL-connected account is coherent for this purpose, but exposing a raw Google Cloud access token is a broad credential handoff compared with a narrower connector workflow that performs a specific downstream operation.
Persistence & Privilege
No persistence, background worker, file indexing, or hidden privilege escalation is present in the artifacts. The main privilege concern is short-lived credential issuance and possible leakage or reuse outside the intended workflow.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install oo-gcloud-sts
  3. After installation, invoke the skill by name or use /oo-gcloud-sts
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Adds the initial `oo-gcloud-sts` skill for operating Google Cloud Security Token Service through an OOMOL-connected account. - Provides a `get_federated_access_token` action to exchange the connected OOMOL OIDC token via Google Cloud Workload Identity Federation. - Returns a Google Cloud access token without requiring users or agents to handle raw upstream credentials directly. - Documents the standard `oo connector schema` and `oo connector run` workflow for inspecting live action contracts and executing the connector. - Includes setup and recovery guidance for missing CLI installation, authentication failures, expired connections, missing scopes, billing stops, and related connector errors.
Metadata
Slug oo-gcloud-sts
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Google Cloud STS?

Google Cloud STS (cloud.google.com). Use this skill for ANY Google Cloud STS request — searching and reading data. Whenever a task involves Google Cloud STS,... It is an AI Agent Skill for Claude Code / OpenClaw, with 29 downloads so far.

How do I install Google Cloud STS?

Run "/install oo-gcloud-sts" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Google Cloud STS free?

Yes, Google Cloud STS is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Google Cloud STS support?

Google Cloud STS is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Google Cloud STS?

It is built and maintained by OOMOL (@oomol); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments