← 返回 Skills 市场
Gmail Gog Setup
作者
stefanferreira
· GitHub ↗
· v1.0.0
· MIT-0
81
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install gmail-gog-setup
功能描述
Set up Gog CLI for Gmail access and authenticate agent mailboxes.
使用说明 (SKILL.md)
Gmail + Gog Setup
Use this skill when you need to give an agent (e.g., Facet, competitions agent) access to a Gmail inbox via Gog CLI.
When to use
- Creating a new agent mailbox (e.g., [email protected])
- Setting up Gmail reading capability for an existing agent
- Troubleshooting Gog auth failures
- Adding new OAuth clients or test users
Prerequisites
1. Google Cloud OAuth client
- Create a Desktop app OAuth client in Google Cloud Console
- Enable Gmail API
- Add target Gmail address as a test user in OAuth consent screen
- Download the client JSON file
2. Gog installed
# Install Gog from latest release
cd /tmp
curl -L -o gogcli_0.12.0_linux_amd64.tar.gz https://github.com/steipete/gogcli/releases/download/v0.12.0/gogcli_0.12.0_linux_amd64.tar.gz
tar -xzf gogcli_0.12.0_linux_amd64.tar.gz
install -m 0755 gog /usr/local/bin/gog
Steps
1. Store OAuth credentials
gog auth credentials /path/to/client_secret_....json
2. Authenticate the Gmail account
export GOG_KEYRING_PASSWORD='your-keyring-password'
gog auth add [email protected] --services gmail --manual
- Open the provided auth URL in browser
- Log in as the target Gmail account
- Approve requested permissions
- Copy the redirect URL (localhost) after Google redirects
- Paste it into the waiting Gog prompt
3. Verify access
gog auth list
gog gmail messages search 'newer_than:7d' --account [email protected] --json
4. Check spam
New senders often land in spam:
gog gmail messages search 'in:spam newer_than:7d' --account [email protected] --json
Common issues
"No auth for gmail"
- Verify test user is added in Google Cloud OAuth consent screen
- Re-run auth with
--force-consentif needed
"state mismatch"
The auth session restarted. Use the latest auth URL and callback.
"no TTY available for keyring file backend"
Set GOG_KEYRING_PASSWORD environment variable before running gog auth add.
Emails going to spam
- Move from spam to inbox:
gog gmail messages modify \x3Cmsg_id> --remove SPAM --add INBOX - Consider training Gmail by marking as "Not spam"
Notes
- Store OAuth client JSON in
~/.openclaw/credentials/google/ - Keep
GOG_KEYRING_PASSWORDin a secure environment variable or secret manager - For production, consider service account with domain-wide delegation instead of OAuth
- Always check spam folder for important verification/API emails
References
安全使用建议
This skill appears to do what it claims (configure Gog to access Gmail), but take these precautions before running the commands: 1) Verify the GitHub release URL and prefer checksums/signatures or your OS package manager where possible rather than piping curl into an install location. 2) Installing to /usr/local/bin may require sudo—only install binaries you trust. 3) The SKILL.md asks you to set GOG_KEYRING_PASSWORD and store OAuth client JSON in ~/.openclaw, but these environment/config requirements are not declared in metadata — treat those files and variables as sensitive secrets and use a secret manager or restrictive file permissions. 4) When creating OAuth credentials, limit scopes, add only necessary test users, and revoke the client when no longer needed. 5) If you intend an agent to use this access autonomously, be extra cautious: verify access controls and rotate credentials regularly. If you want higher assurance, ask the skill author to add a formal install spec, declare required env vars (e.g., GOG_KEYRING_PASSWORD), and provide CI-verified binary checksums or a package-manager-based install option.
功能分析
Type: OpenClaw Skill
Name: gmail-gog-setup
Version: 1.0.0
The skill provides instructions to download and install a third-party binary ('gog') directly from a GitHub release URL and install it into a system directory (/usr/local/bin) without any checksum or signature verification (SKILL.md). While these actions are aligned with the stated purpose of setting up Gmail access, the use of unverified remote downloads and high-privileged installation steps represents a significant supply-chain risk and a vulnerability that could be exploited if the remote repository were compromised.
能力标签
能力评估
Purpose & Capability
Name/description, required binary (gog), and the SKILL.md all describe installing and configuring Gog for Gmail OAuth access — this is internally consistent. The skill legitimately needs Gog and Google OAuth credentials to do what it says.
Instruction Scope
Instructions concentrate on Gmail OAuth and Gog usage (creating an OAuth client, adding test user, running gog auth commands). They also include OS-level install commands (curl, tar, install to /usr/local/bin) and guidance to store client JSON under ~/.openclaw; these are appropriate for the task but require local filesystem and possibly elevated privileges. The SKILL.md also references an environment variable (GOG_KEYRING_PASSWORD) and a recommended credential path that are not declared in the skill metadata.
Install Mechanism
The SKILL.md contains a direct download from a GitHub Releases URL and a tar extraction followed by installing a binary to /usr/local/bin. GitHub Releases is a known host, so this is expected for installing a CLI, but it is higher-risk than a package-manager install because it writes files to disk and may require elevated privileges. The skill has no formal install spec in metadata (it's instruction-only).
Credentials
The skill metadata declares no required environment variables, but the instructions explicitly tell the user to set GOG_KEYRING_PASSWORD and to store OAuth client JSON in ~/.openclaw/credentials/google/. Asking users to create/store OAuth credentials and a keyring password is reasonable for the purpose, however the omission from declared requirements and lack of guidance about protecting these secrets is an inconsistency and a risk (sensitive data handling).
Persistence & Privilege
The skill is instruction-only, does not request 'always: true', and contains no code that would persist or modify other skills. It does instruct the operator to install a system binary under /usr/local/bin (may require sudo), but that is a user-operated step rather than an automated persistent presence requested by the skill.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install gmail-gog-setup - 安装完成后,直接呼叫该 Skill 的名称或使用
/gmail-gog-setup触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of gmail-gog-setup.
- Provides step-by-step guidance for setting up Gmail access using Gog CLI.
- Covers Google Cloud OAuth client configuration, Gog installation, and authentication process.
- Includes troubleshooting tips for common setup and authentication errors.
- Offers verification commands and notes for maintaining secure access.
元数据
常见问题
Gmail Gog Setup 是什么?
Set up Gog CLI for Gmail access and authenticate agent mailboxes. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 81 次。
如何安装 Gmail Gog Setup?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install gmail-gog-setup」即可一键安装,无需额外配置。
Gmail Gog Setup 是免费的吗?
是的,Gmail Gog Setup 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Gmail Gog Setup 支持哪些平台?
Gmail Gog Setup 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Gmail Gog Setup?
由 stefanferreira(@stefanferreira)开发并维护,当前版本 v1.0.0。
推荐 Skills