← 返回 Skills 市场
spinzerus

Gmail Bridge

作者 spinzerus · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
393
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install gmail-bridge
功能描述
Google Workspace Bridge (Gmail, Drive, Sheets, Calendar) via local API at http://127.0.0.1:8787
使用说明 (SKILL.md)

gmail-bridge

Use this skill whenever the user asks about:

  • latest emails / unread emails / email search
  • reading a specific email
  • searching Google Drive files
  • reading/writing Google Sheets ranges
  • checking calendar events or creating events

IMPORTANT BEHAVIOR RULES (for a good assistant experience)

  • Do NOT return Gmail message IDs alone unless the user explicitly asks.
  • For “check my latest email(s)”, return a short list of the latest 5–10 items with: Subject, From, Date, Snippet
  • If the user asks “open email #3” or similar, call get on that message ID and summarize.
  • For Sheets/Drive/Calendar, always show a concise summary and ask a follow-up only when an ID/range/time window is missing.

How to use

Gmail

  1. Latest emails (returns summaries):
  • bash run.sh recent 10
  1. Unread emails:
  • bash run.sh unread 10
  1. Search emails (Gmail query syntax):
  • bash run.sh search "from:amazon subject:invoice" 10
  1. Forward an email to a specific address:
  • bash run.sh forward \x3CmessageId> \x3CemailAddress>
  • For example: bash run.sh forward 19c647bc33f89bdd [email protected]
  1. Email details:
  • bash run.sh get \x3CmessageId> metadata
  • formats: metadata (default), full, raw

Gmail

  1. Latest emails (returns summaries):
  • bash run.sh recent 10
  1. Unread emails:
  • bash run.sh unread 10
  1. Search emails (Gmail query syntax):
  • bash run.sh search "from:amazon subject:invoice" 10
  1. Email details:
  • bash run.sh get \x3CmessageId> metadata
  • formats: metadata (default), full, raw

Drive

  1. Search files (Drive query language):
  • bash run.sh drive-search "name contains 'FutureReady'" 10
  1. Get file metadata:
  • bash run.sh drive-file \x3CfileId>

Sheets

  1. Read a range:
  • bash run.sh sheets-get \x3CspreadsheetId> "Sheet1!A1:D20"
  1. Write values:
  • bash run.sh sheets-set \x3CspreadsheetId> "Sheet1!A1:B2" '[[\"A1\",\"B1\"],[\"A2\",\"B2\"]]'

Calendar

  1. List events:
  • bash run.sh cal-events 10 2026-02-01T00:00:00Z 2026-03-01T00:00:00Z primary
  1. Create an event:
  • bash run.sh cal-create "Workshop" 2026-02-20T02:00:00Z 2026-02-20T03:00:00Z primary "Bangi" "Prep session"

Auth / Security

  • This skill calls a local bridge on 127.0.0.1. If the bridge enforces a secret header, set: export BRIDGE_SECRET="..." before running commands.
  • The bridge uses OAuth tokens stored on the server.
安全使用建议
This skill is close to benign but has a few red flags you should address before installing or using it: - Confirm the bridge really runs on 127.0.0.1:8787 and that you control it. The script defaults to that host, but it will honor a GMAIL_BRIDGE_URL environment variable (not documented in SKILL.md) — ensure no unexpected env var points the skill at a remote host. - The SKILL.md shows a 'forward' command example, but run.sh does not implement a forward case. Expect some documentation/code mismatch and test behavior first. - If your bridge enforces a secret header, set BRIDGE_SECRET locally; otherwise do not export secrets globally. Prefer setting BRIDGE_SECRET only in a controlled shell/session. - Review run.sh locally (it’s short) to confirm it only calls endpoints you expect. If you don’t run a trusted local bridge, do not use this skill. If you want to proceed safely: run the script in a controlled environment, verify BASE_URL (and unset any GMAIL_BRIDGE_URL), and confirm the bridge’s authentication and audit/logging before exposing real mail or files.
功能分析
Type: OpenClaw Skill Name: gmail-bridge Version: 1.0.0 The `run.sh` script contains multiple critical shell injection vulnerabilities. User-controlled parameters such as `max`, `id`, `format`, `fileId`, `spreadsheetId`, and especially `values_json` in the `sheets-set` command, are directly interpolated into `curl` commands or their arguments without proper shell escaping. This allows an attacker to inject arbitrary shell commands, leading to Remote Code Execution (RCE) on the host machine. For example, the `sheets-set` command's `-d` argument is highly vulnerable to shell command injection. While the `SKILL.md` itself does not contain malicious prompt injection, the underlying `run.sh` script's flaws pose a significant security risk.
能力评估
Purpose & Capability
Name/description (local Google Workspace bridge) align with the provided script and examples. Required binaries (curl, jq) are reasonable for an HTTP-to-jq CLI wrapper. There are no excessive permissions or unrelated credentials requested.
Instruction Scope
SKILL.md and run.sh mostly match for read/list/get operations, but SKILL.md documents a 'forward' command and duplicates some sections while run.sh has no 'forward' case — mismatch. SKILL.md states the bridge is at http://127.0.0.1:8787, but the script reads GMAIL_BRIDGE_URL to override the base URL (the SKILL.md documents BRIDGE_SECRET but not GMAIL_BRIDGE_URL). That means the tool can be pointed at a remote endpoint via an environment variable not called out in the README, creating a risk that email/content could be sent off-machine if GMAIL_BRIDGE_URL is set.
Install Mechanism
Instruction-only with a small shell script; there is no install spec or external downloads, so nothing is written to disk beyond the shipped run.sh.
Credentials
SKILL.md documents an optional BRIDGE_SECRET env var (reasonable). However, the script also honors GMAIL_BRIDGE_URL and GMAIL_BRIDGE_URL is not documented in SKILL.md; the skill declares no required env vars but will act on that undocumented variable. An attacker or misconfiguration that sets GMAIL_BRIDGE_URL could redirect data to a non-local host. No other credentials are requested.
Persistence & Privilege
The skill is not always-on, has no install steps that modify system or other skills, and does not request persistent privileges. Model invocation is allowed (default) which is normal for skills.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install gmail-bridge
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /gmail-bridge 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
gmail-bridge v1.0.0 – Initial release. - Allows interaction with Gmail, Drive, Sheets, and Calendar via a local API. - Provides clear command examples for reading/sending emails, searching files, editing spreadsheets, and managing calendar events. - Includes important behavior guidelines to ensure concise, user-friendly responses. - Describes authentication and security considerations using a local bridge and OAuth tokens.
元数据
Slug gmail-bridge
版本 1.0.0
许可证
累计安装 1
当前安装数 1
历史版本数 1
常见问题

Gmail Bridge 是什么?

Google Workspace Bridge (Gmail, Drive, Sheets, Calendar) via local API at http://127.0.0.1:8787. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 393 次。

如何安装 Gmail Bridge?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install gmail-bridge」即可一键安装,无需额外配置。

Gmail Bridge 是免费的吗?

是的,Gmail Bridge 完全免费(开源免费),可自由下载、安装和使用。

Gmail Bridge 支持哪些平台?

Gmail Bridge 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Gmail Bridge?

由 spinzerus(@spinzerus)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论