← 返回 Skills 市场

Gog Jasmine Yottol

Name: Gog Jasmine Yottol
Author: yottol

作者 GIZMO · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install gog-jasmine-yottol

功能描述

Google Workspace CLI for Gmail, Calendar, Drive, Contacts, Sheets, and Docs.

使用说明 (SKILL.md)

gog

Use gog for Gmail/Calendar/Drive/Contacts/Sheets/Docs. Requires OAuth setup.

Setup (once)

gog auth credentials /path/to/client_secret.json
gog auth add [email protected] --services gmail,calendar,drive,contacts,sheets,docs
gog auth list

Common commands

Gmail search: gog gmail search 'newer_than:7d' --max 10
Gmail send: gog gmail send --to [email protected] --subject "Hi" --body "Hello"
Calendar: gog calendar events \x3CcalendarId> --from \x3Ciso> --to \x3Ciso>
Drive search: gog drive search "query" --max 10
Contacts: gog contacts list --max 20
Sheets get: gog sheets get \x3CsheetId> "Tab!A1:D10" --json
Sheets update: gog sheets update \x3CsheetId> "Tab!A1:B2" --values-json '[["A","B"],["1","2"]]' --input USER_ENTERED
Sheets append: gog sheets append \x3CsheetId> "Tab!A:C" --values-json '[["x","y","z"]]' --insert INSERT_ROWS
Sheets clear: gog sheets clear \x3CsheetId> "Tab!A2:Z"
Sheets metadata: gog sheets metadata \x3CsheetId> --json
Docs export: gog docs export \x3CdocId> --format txt --out /tmp/doc.txt
Docs cat: gog docs cat \x3CdocId>

Notes

Set [email protected] to avoid repeating --account.
For scripting, prefer --json plus --no-input.
Sheets values can be passed via --values-json (recommended) or as inline rows.
Docs supports export/cat/copy. In-place edits require a Docs API client (not in gog).
Confirm before sending mail or creating events.

安全使用建议

This skill generally does what it says (a gog CLI helper) but the bundle includes an OAuth client credentials file (credentials.json) that was not declared in the manifest. That client_id/client_secret may belong to the author or a third party — using it means you're relying on their OAuth client rather than your own, which can expose you to privacy/tracking or token misuse. Before installing: 1) verify the brew tap and project homepage (https://gogcli.sh) and confirm the maintainer identity; 2) avoid using the bundled credentials.json — create your own Google OAuth client and run 'gog auth credentials /path/to/your_client_secret.json'; 3) do not paste or expose refresh tokens; 4) if you must test quickly, treat the included client as untrusted and avoid giving it wide scopes (or inspect Google Cloud console for that client_id if possible); 5) consider installing only from trusted package sources and review the gog binary's source code. These steps will reduce the risk from the unexplained client_secret included in the package.

功能分析

Type: OpenClaw Skill Name: gog-jasmine-yottol Version: 1.0.0 The skill bundle includes a hardcoded Google OAuth client_secret within the 'credentials.json' file, which is a significant security risk and credential leak. While the 'gog' CLI tool (installed via a third-party brew tap) is a legitimate utility for managing Google Workspace, the inclusion of static credentials and the broad access it grants to sensitive data (Gmail, Drive, Contacts) via an AI agent warrants caution. There is no explicit evidence of malicious intent, but the credential exposure is a critical vulnerability.

能力标签

requires-oauth-token

能力评估

✓ Purpose & Capability

Name/description ask for a Google Workspace CLI and the skill requires the 'gog' binary and provides a brew install for 'steipete/tap/gogcli' which is consistent with the stated functionality.

ℹ Instruction Scope

SKILL.md contains straightforward commands for using the gog CLI and instructs the user to run OAuth setup using a client_secret.json. The instructions do not tell the agent to read arbitrary files or exfiltrate data, but they assume OAuth credentials will be provided.

ℹ Install Mechanism

Install spec is a Homebrew formula (steipete/tap/gogcli) which is a standard mechanism, but it is a third‑party tap (not an official Homebrew/core formula). Third‑party taps carry higher trust risk and should be verified before installation.

⚠ Credentials

The skill bundle contains a credentials.json file that includes a Google OAuth client_id and client_secret. The registry metadata and SKILL.md did not declare or justify bundling this client secret. Providing a client_secret in the distributed package is disproportionate and could allow unintended token issuance or tracking; users should not assume this client belongs to them.

✓ Persistence & Privilege

The skill does not request always:true, does not require system config paths, and does not declare env vars or other persistent privileges. Autonomous invocation is enabled (platform default) but not combined with other high privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install gog-jasmine-yottol
安装完成后，直接呼叫该 Skill 的名称或使用 /gog-jasmine-yottol 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of gog: Google Workspace CLI supporting Gmail, Calendar, Drive, Contacts, Sheets, and Docs. - Provides setup instructions for OAuth and account addition. - Includes common command examples for each supported Google service. - Supports scripting via JSON output and no-input mode. - Offers installation via Homebrew and environment variable usage tips.

元数据

Slug gog-jasmine-yottol

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Gog Jasmine Yottol 是什么？

Google Workspace CLI for Gmail, Calendar, Drive, Contacts, Sheets, and Docs. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 85 次。

如何安装 Gog Jasmine Yottol？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install gog-jasmine-yottol」即可一键安装，无需额外配置。

Gog Jasmine Yottol 是免费的吗？

是的，Gog Jasmine Yottol 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Gog Jasmine Yottol 支持哪些平台？

Gog Jasmine Yottol 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Gog Jasmine Yottol？

由 GIZMO（@yottol）开发并维护，当前版本 v1.0.0。