← 返回 Skills 市场
896
总下载
0
收藏
4
当前安装
1
版本数
在 OpenClaw 中安装
/install google-gog
功能描述
OAuth token refresh management for Google APIs via gog CLI.
使用说明 (SKILL.md)
Google Services (gog CLI)
Configuration
- Account:
[email protected] - Credentials:
~/.openclaw/credentials/client_secret.json - Token Storage: OS Keyring (auto-encrypted)
Refresh Token Lifecycle
Tokens auto-refresh transparently on API calls. No action needed.
If token invalid:
gog auth add [email protected] --services gmail,drive,calendar --manual --force-consent
For automation (cron/headless):
export GOG_KEYRING_BACKEND=file
export GOG_KEYRING_PASSWORD=\x3Cpassword>
gog auth list --check # Check token validity and expiration
Quick Commands
# Gmail: send, search
gog gmail send [email protected] --subject "Hi" --body "Message"
gog gmail search "newer_than:7d"
# Drive: list, upload, download
gog drive ls /
gog drive upload file.txt /
gog drive download /file.txt ./output.txt
# Check token health
gog auth list --check
安全使用建议
This skill's instructions expect you to already have the 'gog' CLI, a client_secret.json at ~/.openclaw/credentials, and to set a keyring password via GOG_KEYRING_PASSWORD, but none of those are listed in the metadata — that's the main inconsistency. Before installing or running commands: 1) Verify the origin and integrity of the gog CLI binary (don't run unknown binaries). 2) Replace the hardcoded email and credentials path with your own account and your own client_secret.json; do not use the embedded account. 3) Avoid exporting secrets in plaintext environment variables when possible; prefer native OS keyrings and documented secure workflows. 4) Confirm what 'gog' does with stored tokens (network endpoints it contacts) to ensure no unexpected exfiltration. 5) Ask the skill author to update the metadata to declare required binaries, config paths, and env vars (or provide an installer) so you can audit dependencies. If you can't verify these points, run the tool in a sandboxed or isolated environment rather than on production data.
功能分析
Type: OpenClaw Skill
Name: google-gog
Version: 1.0.0
The skill bundle provides instructions for using the `gog` CLI tool to manage Google API OAuth tokens and interact with Google services like Gmail and Drive. All commands and configurations described in `SKILL.md` are standard operations for such a tool, including specifying credential paths (`~/.openclaw/credentials/client_secret.json`) and token storage mechanisms. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts designed to mislead the agent into performing harmful or unauthorized actions. The content is aligned with the stated purpose of managing Google services.
能力评估
Purpose & Capability
The skill claims to manage Google OAuth tokens via the 'gog' CLI, which is a coherent purpose, but the registry metadata declares no required binaries, env vars, or config paths. The SKILL.md clearly expects the 'gog' binary, a credentials file (~/.openclaw/credentials/client_secret.json), and a keyring backend — these are missing from the declared requirements.
Instruction Scope
The runtime instructions tell the agent/user to run gog commands that will read a local credentials file and to export GOG_KEYRING_PASSWORD for headless operation. Those instructions reference reading local config and setting secret-bearing env vars that are outside the declared scope. The SKILL.md also hardcodes a specific email account ([email protected]), which is unexpected and could mislead users into reusing someone else's identity or credentials.
Install Mechanism
There is no install spec (instruction-only), which reduces the risk of arbitrary code being downloaded. However, this also means the skill implicitly depends on the host having the 'gog' CLI and a keyring available — dependencies that should be declared but are not.
Credentials
The SKILL.md instructs exporting GOG_KEYRING_PASSWORD and references a credentials JSON path, but the metadata lists no required env vars or config paths. Requesting a password via environment and recommending a file keyring backend (GOG_KEYRING_BACKEND=file) can expose secrets if not used carefully; these sensitive requirements should be explicitly declared and justified.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It instructs storing tokens in the OS keyring (normal for credential tools) and does not ask to modify other skills or global agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install google-gog - 安装完成后,直接呼叫该 Skill 的名称或使用
/google-gog触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Google Services (gog CLI) skill.
- Provides OAuth token refresh management for Google APIs using the gog CLI.
- Supports Gmail, Drive, and Calendar via straightforward CLI commands.
- Tokens are auto-refreshed and securely stored in the OS keyring.
- Includes instructions for manual re-authentication and automation scenarios.
- Quick command examples available for common Gmail and Drive tasks.
元数据
常见问题
Google Gog 是什么?
OAuth token refresh management for Google APIs via gog CLI. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 896 次。
如何安装 Google Gog?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install google-gog」即可一键安装,无需额外配置。
Google Gog 是免费的吗?
是的,Google Gog 完全免费(开源免费),可自由下载、安装和使用。
Google Gog 支持哪些平台?
Google Gog 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Google Gog?
由 herry3zz(@herry3zz)开发并维护,当前版本 v1.0.0。
推荐 Skills