← 返回 Skills 市场
google-workspace-cli
作者
Alireza Rezvani
· GitHub ↗
· v1.0.0
· MIT-0
356
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install cs-google-workspace-cli
功能描述
Google Workspace administration via the gws CLI. Install, authenticate, and automate Gmail, Drive, Sheets, Calendar, Docs, Chat, and Tasks. Run security audi...
使用说明 (SKILL.md)
Google Workspace CLI
Expert guidance and automation for Google Workspace administration using the open-source gws CLI. Covers installation, authentication, 18+ service APIs, 43 built-in recipes, and 10 persona bundles for role-based workflows.
Quick Start
Check Installation
# Verify gws is installed and authenticated
python3 scripts/gws_doctor.py
Send an Email
gws gmail users.messages send me --to "[email protected]" \
--subject "Weekly Update" --body "Here's this week's summary..."
List Drive Files
gws drive files list --json --limit 20 | python3 scripts/output_analyzer.py --select "name,mimeType,modifiedTime" --format table
Installation
npm (recommended)
npm install -g @anthropic/gws
gws --version
Cargo (from source)
cargo install gws-cli
gws --version
Pre-built Binaries
Download from github.com/googleworkspace/cli/releases for macOS, Linux, or Windows.
Verify Installation
python3 scripts/gws_doctor.py
# Checks: PATH, version, auth status, service connectivity
Authentication
OAuth Setup (Interactive)
# Step 1: Create Google Cloud project and OAuth credentials
python3 scripts/auth_setup_guide.py --guide oauth
# Step 2: Run auth setup
gws auth setup
# Step 3: Validate
gws auth status --json
Service Account (Headless/CI)
# Generate setup instructions
python3 scripts/auth_setup_guide.py --guide service-account
# Configure with key file
export GWS_SERVICE_ACCOUNT_KEY=/path/to/key.json
export [email protected]
gws auth status
Environment Variables
# Generate .env template
python3 scripts/auth_setup_guide.py --generate-env
| Variable | Purpose |
|---|---|
GWS_CLIENT_ID |
OAuth client ID |
GWS_CLIENT_SECRET |
OAuth client secret |
GWS_TOKEN_PATH |
Custom token storage path |
GWS_SERVICE_ACCOUNT_KEY |
Service account JSON key path |
GWS_DELEGATED_USER |
User to impersonate (service accounts) |
GWS_DEFAULT_FORMAT |
Default output format (json/ndjson/table) |
Validate Authentication
python3 scripts/auth_setup_guide.py --validate --json
# Tests each service endpoint
Workflow 1: Gmail Automation
Goal: Automate email operations — send, search, label, and filter management.
Send and Reply
# Send a new email
gws gmail users.messages send me --to "[email protected]" \
--subject "Proposal" --body "Please find attached..." \
--attachment proposal.pdf
# Reply to a thread
gws gmail users.messages reply me --thread-id \x3CTHREAD_ID> \
--body "Thanks for your feedback..."
# Forward a message
gws gmail users.messages forward me --message-id \x3CMSG_ID> \
--to "[email protected]"
Search and Filter
# Search emails
gws gmail users.messages list me --query "from:[email protected] after:2025/01/01" --json \
| python3 scripts/output_analyzer.py --count
# List labels
gws gmail users.labels list me --json
# Create a filter
gws gmail users.settings.filters create me \
--criteria '{"from":"[email protected]"}' \
--action '{"addLabelIds":["Label_123"],"removeLabelIds":["INBOX"]}'
Bulk Operations
# Archive all read emails older than 30 days
gws gmail users.messages list me --query "is:read older_than:30d" --json \
| python3 scripts/output_analyzer.py --select "id" --format json \
| xargs -I {} gws gmail users.messages modify me {} --removeLabelIds INBOX
Workflow 2: Drive & Sheets
Goal: Manage files, create spreadsheets, configure sharing, and export data.
File Operations
# List files
gws drive files list --json --limit 50 \
| python3 scripts/output_analyzer.py --select "name,mimeType,size" --format table
# Upload a file
gws drive files create --name "Q1 Report" --upload report.pdf \
--parents \x3CFOLDER_ID>
# Create a Google Sheet
gws sheets spreadsheets create --title "Budget 2026" --json
# Download/export
gws drive files export \x3CFILE_ID> --mime "application/pdf" --output report.pdf
Sharing
# Share with user
gws drive permissions create \x3CFILE_ID> \
--type user --role writer --emailAddress "[email protected]"
# Share with domain (view only)
gws drive permissions create \x3CFILE_ID> \
--type domain --role reader --domain "company.com"
# List who has access
gws drive permissions list \x3CFILE_ID> --json
Sheets Data
# Read a range
gws sheets spreadsheets.values get \x3CSHEET_ID> --range "Sheet1!A1:D10" --json
# Write data
gws sheets spreadsheets.values update \x3CSHEET_ID> --range "Sheet1!A1" \
--values '[["Name","Score"],["Alice",95],["Bob",87]]'
# Append rows
gws sheets spreadsheets.values append \x3CSHEET_ID> --range "Sheet1!A1" \
--values '[["Charlie",92]]'
Workflow 3: Calendar & Meetings
Goal: Schedule events, find available times, and generate standup reports.
Event Management
# Create an event
gws calendar events insert primary \
--summary "Sprint Planning" \
--start "2026-03-15T10:00:00" --end "2026-03-15T11:00:00" \
--attendees "[email protected]" \
--location "Conference Room A"
# List upcoming events
gws calendar events list primary --timeMin "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
--maxResults 10 --json
# Quick event (natural language)
gws helpers quick-event "Lunch with Sarah tomorrow at noon"
Find Available Time
# Check free/busy for multiple people
gws helpers find-time \
--attendees "[email protected],[email protected],[email protected]" \
--duration 60 --within "2026-03-15,2026-03-19" --json
Standup Report
# Generate daily standup from calendar + tasks
gws recipes standup-report --json \
| python3 scripts/output_analyzer.py --format table
# Meeting prep (agenda + attendee info)
gws recipes meeting-prep --event-id \x3CEVENT_ID>
Workflow 4: Security Audit
Goal: Audit Google Workspace security configuration and generate remediation commands.
Run Full Audit
# Full audit across all services
python3 scripts/workspace_audit.py --json
# Audit specific services
python3 scripts/workspace_audit.py --services gmail,drive,calendar
# Demo mode (no gws required)
python3 scripts/workspace_audit.py --demo
Audit Checks
| Area | Check | Risk |
|---|---|---|
| Drive | External sharing enabled | Data exfiltration |
| Gmail | Auto-forwarding rules | Data exfiltration |
| Gmail | DMARC/SPF/DKIM records | Email spoofing |
| Calendar | Default sharing visibility | Information leak |
| OAuth | Third-party app grants | Unauthorized access |
| Admin | Super admin count | Privilege escalation |
| Admin | 2-Step verification enforcement | Account takeover |
Review and Remediate
# Review findings
python3 scripts/workspace_audit.py --json | python3 scripts/output_analyzer.py \
--filter "status=FAIL" --select "area,check,remediation"
# Execute remediation (example: restrict external sharing)
gws drive about get --json # Check current settings
# Follow remediation commands from audit output
Python Tools
| Script | Purpose | Usage |
|---|---|---|
gws_doctor.py |
Pre-flight diagnostics | python3 scripts/gws_doctor.py [--json] [--services gmail,drive] |
auth_setup_guide.py |
Guided auth setup | python3 scripts/auth_setup_guide.py --guide oauth |
gws_recipe_runner.py |
Recipe catalog & runner | python3 scripts/gws_recipe_runner.py --list [--persona pm] |
workspace_audit.py |
Security/config audit | python3 scripts/workspace_audit.py [--json] [--demo] |
output_analyzer.py |
JSON/NDJSON analysis | gws ... --json | python3 scripts/output_analyzer.py --count |
All scripts are stdlib-only, support --json output, and include demo mode with embedded sample data.
Best Practices
Security
- Use OAuth with minimal scopes — request only what each workflow needs
- Store tokens in the system keyring, never in plain text files
- Rotate service account keys every 90 days
- Audit third-party OAuth app grants quarterly
- Use
--dry-runbefore bulk destructive operations
Automation
- Pipe
--jsonoutput throughoutput_analyzer.pyfor filtering and aggregation - Use recipes for multi-step operations instead of chaining raw commands
- Select a persona bundle to scope recipes to your role
- Use NDJSON format (
--format ndjson) for streaming large result sets - Set
GWS_DEFAULT_FORMAT=jsonin your shell profile for scripting
Performance
- Use
--fieldsto request only needed fields (reduces payload size) - Use
--limitto cap results when browsing - Use
--page-allonly when you need complete datasets - Batch operations with recipes rather than individual API calls
- Cache frequently accessed data (e.g., label IDs, folder IDs) in variables
Limitations
| Constraint | Impact |
|---|---|
| OAuth tokens expire after 1 hour | Re-auth needed for long-running scripts |
| API rate limits (per-user, per-service) | Bulk operations may hit 429 errors |
| Scope requirements vary by service | Must request correct scopes during auth |
| Pre-v1.0 CLI status | Breaking changes possible between releases |
| Google Cloud project required | Free, but requires setup in Cloud Console |
| Admin API needs admin privileges | Some audit checks require Workspace Admin role |
Required Scopes by Service
# List scopes for specific services
python3 scripts/auth_setup_guide.py --scopes gmail,drive,calendar,sheets
| Service | Key Scopes |
|---|---|
| Gmail | gmail.modify, gmail.send, gmail.labels |
| Drive | drive.file, drive.metadata.readonly |
| Sheets | spreadsheets |
| Calendar | calendar, calendar.events |
| Admin | admin.directory.user.readonly, admin.directory.group |
| Tasks | tasks |
安全使用建议
This package appears to be a legitimate gws CLI assistant, but it requires sensitive Workspace credentials (OAuth client secret or a service-account JSON + delegated admin) even though the registry metadata doesn't declare them. Before using: 1) Confirm the skill's origin (there is no homepage or known source) and prefer code from a trusted repo. 2) Inspect the included scripts yourself (they run local subprocess commands) and consider running them in demo mode or an isolated environment first. 3) If you supply a service-account key or OAuth client secret, follow least-privilege practice: create a dedicated service account with only the required scopes, and restrict domain-wide delegation. 4) Do not paste keys into third-party UIs; store key files on disk and point GWS_SERVICE_ACCOUNT_KEY at the file path. 5) If you are uncomfortable with the missing metadata (env vars/credentials not declared), ask the publisher to fix metadata or avoid installing until provenance is confirmed.
功能分析
Type: OpenClaw Skill
Name: cs-google-workspace-cli
Version: 1.0.0
The skill bundle provides a comprehensive interface for Google Workspace administration, but it contains several high-risk indicators. Most notably, SKILL.md instructs the agent to install a global npm package '@anthropic/gws', which is highly suspicious as Anthropic is an AI company and not the provider of official Google Workspace tools, suggesting a potential supply chain or brandjacking attack. Additionally, gws_recipe_runner.py executes commands using 'shell=True' in subprocess.run, creating a shell injection vulnerability. While the provided Python scripts do not contain explicit data exfiltration logic, the reliance on unverified external dependencies and the use of insecure execution patterns warrant a suspicious classification.
能力评估
Purpose & Capability
Name and description claim Google Workspace administration via the gws CLI; included scripts (auth_setup_guide.py, gws_doctor.py, workspace_audit.py, recipe runner, output_analyzer) and many command references consistently implement that purpose. Source/homepage is missing which reduces ability to verify authenticity.
Instruction Scope
SKILL.md instructs the agent/user to run the included Python scripts and many gws CLI commands that access Gmail, Drive, Sheets, Calendar, Admin SDK, etc. Those instructions are within the stated purpose, but they explicitly refer to reading environment variables, token/key file paths, and running subprocess gws calls — all expected for an admin tool but also capable of accessing/acting on sensitive data if misused.
Install Mechanism
There is no install spec (instruction-only), so nothing is downloaded or written to disk by an installer. Code files are bundled in the skill package and are executed locally; no external URL downloads or extract/install steps were specified.
Credentials
Registry metadata declares no required env vars or primary credential, but SKILL.md and bundled scripts clearly require and reference sensitive variables (GWS_CLIENT_ID, GWS_CLIENT_SECRET, GWS_SERVICE_ACCOUNT_KEY, GWS_DELEGATED_USER, GWS_TOKEN_PATH). This mismatch is an incoherence: the skill will need sensitive credentials to function but the metadata does not surface that fact to the platform or user.
Persistence & Privilege
Skill is not marked always:true and is user-invocable; it does not request platform-level persistence. The workspace-config.json includes scheduled task examples (cron-style) but those are user configuration examples, not an automatic request for persistent background execution or modification of other skills.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install cs-google-workspace-cli - 安装完成后,直接呼叫该 Skill 的名称或使用
/cs-google-workspace-cli触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial publish (prefixed slug)
元数据
常见问题
google-workspace-cli 是什么?
Google Workspace administration via the gws CLI. Install, authenticate, and automate Gmail, Drive, Sheets, Calendar, Docs, Chat, and Tasks. Run security audi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 356 次。
如何安装 google-workspace-cli?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install cs-google-workspace-cli」即可一键安装,无需额外配置。
google-workspace-cli 是免费的吗?
是的,google-workspace-cli 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
google-workspace-cli 支持哪些平台?
google-workspace-cli 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 google-workspace-cli?
由 Alireza Rezvani(@alirezarezvani)开发并维护,当前版本 v1.0.0。
推荐 Skills