← 返回 Skills 市场
113
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install google-workspace-rave
功能描述
Manage Google Workspace via the `gws` CLI — Drive, Gmail, Calendar, Sheets, Docs, Chat, Admin, Tasks, Meet, Slides, Forms, Contacts, and every other Workspac...
使用说明 (SKILL.md)
Google Workspace Skill
Operate all Google Workspace services through the gws CLI from OpenClaw.
Prerequisites
- Node.js 18+
- A Google Cloud project with OAuth credentials
gwsCLI installed:npm install -g @googleworkspace/cli
Authentication
First-Time Setup & Authentication Workflow (For the Agent)
When a user wants to start using this skill or if credentials are missing, you (the AI agent) MUST follow this specific authentication workflow:
- Ask for
client_secret.json: Prompt the user to provide their Google Cloud OAuthclient_secret.json. They can either upload the file or paste its contents into the chat. Once they do, save it ascredentials.jsonin the workspace. - Explain the Flow: Once you have the file, explain to the user exactly how the auth will work:
"I have saved your credentials. I am now going to start the authentication process. I'll provide you with a Google login link. You'll need to click it, authorize your account, and then your browser will redirect to a blank
http://localhost...page. Copy that full localhost URL and paste it back to me here!" - Run Authentication: Run
gws auth loginin the background (using yourexectool). Extract the generated Google OAuth URL from the output and send it to the user. - Complete Handshake: When the user replies with the
http://localhost...callback URL, usecurlto fetch that exact URL. This completes the local webserver handshake forgws. Confirm successful authentication with the user.
Alternative: First-time setup (machine with browser)
gws auth setup # creates GCP project, enables APIs, logs in
gws auth login -s drive,gmail,sheets,calendar # pick services you need
Alternative: Headless server (no browser) - PREFERRED MANUAL METHOD
Complete auth on a machine with a browser, then export:
gws auth export --unmasked > credentials.json
Security notes:
- Set file permissions:
chmod 600 credentials.json- Do not commit credential files to git — add
credentials.jsonto your.gitignore- For production environments, prefer using a service account instead of user credentials
On the headless server:
export GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE=/path/to/credentials.json
Service account
export GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE=/path/to/service-account.json
Pre-obtained token
export GOOGLE_WORKSPACE_CLI_TOKEN=$(gcloud auth print-access-token)
Priority: Token env > Credentials file env > gws auth login store > plaintext file.
Command Pattern
gws \x3Cservice> \x3Cresource> \x3Cmethod> [--params '{}'] [--json '{}'] [flags]
All responses are structured JSON. Use jq for extraction.
Global Flags
| Flag | Purpose |
|---|---|
--dry-run |
Preview request without executing |
--page-all |
Stream all pages as NDJSON |
--fields 'a,b' |
Select response fields |
--output table |
Table output for humans |
Discover commands
gws --help # list all services
gws drive --help # list resources in a service
gws drive files --help # list methods on a resource
gws schema drive.files.list # full request/response schema
Common Operations
Drive
# List recent files
gws drive files list --params '{"pageSize": 10}'
# Search files
gws drive files list --params '{"q": "name contains '\''report'\''", "pageSize": 20}'
# Upload a file
gws drive +upload ./report.pdf
# Download a file
gws drive files get --params '{"fileId": "FILE_ID", "alt": "media"}' > output.pdf
# Create a folder
gws drive files create --json '{"name": "Project", "mimeType": "application/vnd.google-apps.folder"}'
# Share a file
gws drive permissions create \
--params '{"fileId": "FILE_ID"}' \
--json '{"role": "reader", "type": "user", "emailAddress": "[email protected]"}'
# List all pages
gws drive files list --params '{"pageSize": 100}' --page-all | jq -r '.files[].name'
Gmail
# List inbox messages
gws gmail users-messages list --params '{"userId": "me", "maxResults": 10}'
# Read a message
gws gmail users-messages get --params '{"userId": "me", "id": "MSG_ID"}'
# Send an email
gws gmail users-messages send \
--params '{"userId": "me"}' \
--json '{"raw": "BASE64_ENCODED_EMAIL"}'
# Search messages
gws gmail users-messages list --params '{"userId": "me", "q": "from:[email protected] is:unread"}'
# List labels
gws gmail users-labels list --params '{"userId": "me"}'
# Create a filter
gws gmail users-settings-filters create \
--params '{"userId": "me"}' \
--json '{"criteria": {"from": "[email protected]"}, "action": {"addLabelIds": ["LABEL_ID"], "removeLabelIds": ["INBOX"]}}'
Calendar
# List upcoming events
gws calendar events list --params '{"calendarId": "primary", "timeMin": "2026-01-01T00:00:00Z", "maxResults": 10, "orderBy": "startTime", "singleEvents": true}'
# Create an event
gws calendar events insert \
--params '{"calendarId": "primary"}' \
--json '{"summary": "Team Sync", "start": {"dateTime": "2026-03-07T10:00:00+08:00"}, "end": {"dateTime": "2026-03-07T11:00:00+08:00"}, "attendees": [{"email": "[email protected]"}]}'
# Delete an event
gws calendar events delete --params '{"calendarId": "primary", "eventId": "EVENT_ID"}'
# Find free/busy slots
gws calendar freebusy query \
--json '{"timeMin": "2026-03-07T00:00:00Z", "timeMax": "2026-03-07T23:59:59Z", "items": [{"id": "[email protected]"}]}'
Sheets
# Create a spreadsheet
gws sheets spreadsheets create --json '{"properties": {"title": "Q1 Budget"}}'
# Read cell values
gws sheets spreadsheets-values get --params '{"spreadsheetId": "SHEET_ID", "range": "Sheet1!A1:D10"}'
# Write values
gws sheets spreadsheets-values update \
--params '{"spreadsheetId": "SHEET_ID", "range": "Sheet1!A1", "valueInputOption": "USER_ENTERED"}' \
--json '{"values": [["Name", "Amount"], ["Rent", "2000"]]}'
# Append a row
gws sheets spreadsheets-values append \
--params '{"spreadsheetId": "SHEET_ID", "range": "Sheet1!A1", "valueInputOption": "USER_ENTERED"}' \
--json '{"values": [["New Item", "500"]]}'
Docs
# Create a document
gws docs documents create --json '{"title": "Meeting Notes"}'
# Get document content
gws docs documents get --params '{"documentId": "DOC_ID"}'
# Insert text (batchUpdate)
gws docs documents batchUpdate \
--params '{"documentId": "DOC_ID"}' \
--json '{"requests": [{"insertText": {"location": {"index": 1}, "text": "Hello World\
"}}]}'
Chat
# List spaces
gws chat spaces list
# Send a message
gws chat spaces messages create \
--params '{"parent": "spaces/SPACE_ID"}' \
--json '{"text": "Deploy complete ✅"}'
Tasks
# List task lists
gws tasks tasklists list
# List tasks
gws tasks tasks list --params '{"tasklist": "TASKLIST_ID"}'
# Create a task
gws tasks tasks insert \
--params '{"tasklist": "TASKLIST_ID"}' \
--json '{"title": "Review PR", "due": "2026-03-10T00:00:00Z"}'
Admin (Directory)
# List users
gws admin users list --params '{"domain": "example.com"}'
# Get user details
gws admin users get --params '{"userKey": "[email protected]"}'
Workflow Patterns
Pipeline: Find → Process → Act
# Find unread emails from boss, extract subjects
gws gmail users-messages list --params '{"userId": "me", "q": "from:boss is:unread"}' \
| jq -r '.messages[].id' \
| while read id; do
gws gmail users-messages get --params "{\"userId\": \"me\", \"id\": \"$id\"}" \
| jq -r '.payload.headers[] | select(.name=="Subject") | .value'
done
Dry-run first
Always use --dry-run before destructive operations:
gws drive files delete --params '{"fileId": "FILE_ID"}' --dry-run
Tips
- Use
gws schema \x3Cmethod>to discover exact parameter names and types. - All commands accept
--paramsfor URL/query parameters and--jsonfor request body. - Pipe through
jqfor field extraction in agent pipelines. - Use
--page-allfor full result sets with automatic pagination. - Credentials are encrypted at rest (AES-256-GCM) with OS keyring.
Recipes
For 50+ ready-made workflow recipes (label & archive emails, organize Drive folders, schedule meetings, etc.), see the official recipe library.
Disclaimer
The gws CLI is not an officially supported Google product. It is a community/experimental tool. Use at your own discretion, and refer to the upstream repository for license and support details.
Troubleshooting
| Issue | Fix |
|---|---|
gws: command not found |
npm install -g @googleworkspace/cli |
| Auth fails / scope error | gws auth login -s drive,gmail (pick specific services) |
| "Access blocked" on login | Add yourself as test user in GCP OAuth consent screen |
| Headless server | Export creds from a desktop, set GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE |
| Rate limited | Add delays between calls, reduce pageSize |
安全使用建议
This skill appears to be a legitimate wrapper for the gws CLI, but exercise caution before installing or handing over credentials. Actions to consider before proceeding:
- Verify provenance: the registry metadata, _meta.json, and README disagree on owner/slug/version and there is no homepage; prefer skills with clear, consistent provenance.
- Prefer safer auth flows: do the OAuth handshake on a machine you control (desktop with browser), then export a limited credentials file or use a service account with narrowly scoped permissions rather than pasting client_secret.json into chat.
- Minimize scope: when running `gws auth login`, request only the scopes you need instead of granting broad access.
- Do not paste long-lived secrets or private keys into chat. If you must provide credentials, restrict file permissions (chmod 600), store them outside shared workspaces, and add them to .gitignore as advised.
- Inspect the npm package (@googleworkspace/cli) on the upstream registry/GitHub to confirm it’s the expected project and review recent releases/maintainers.
- Treat any localhost callback URL or token the agent receives as sensitive; assume it could be exposed if the agent or workspace is compromised.
If you want to proceed but reduce risk: perform authentication locally, export the minimal credentials file, then set GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE in the target environment rather than uploading secrets through the agent.
功能分析
Type: OpenClaw Skill
Name: google-workspace-rave
Version: 1.0.2
The skill provides extensive control over Google Workspace APIs by wrapping the `gws` CLI, requiring high-risk capabilities such as shell execution (`exec`) and network requests (`curl`). The `SKILL.md` file contains specific instructions for the AI agent to manage sensitive OAuth credentials and perform a manual authentication handshake by curling a user-provided URL. While these actions are plausibly needed for the stated purpose, the combination of broad access to private data (Gmail, Drive, etc.) and the requirement for the agent to handle raw credential files and perform unvalidated network calls constitutes a significant security risk.
能力评估
Purpose & Capability
The name/description claim to wrap the official `gws` CLI and the skill declares the `gws` binary and installs @googleworkspace/cli via npm — this is consistent. However, package/metadata inconsistencies exist: the registry metadata (owner id, slug, version) does not match values in _meta.json and README, and there's no homepage. That mismatch suggests the skill may have been repackaged or modified without clear provenance.
Instruction Scope
SKILL.md explicitly instructs the agent to request the user's Google Cloud OAuth client_secret.json, save it to the workspace, run `gws auth login` (via exec), extract and forward the OAuth login URL, and then curl the localhost callback URL provided by the user to complete the handshake. Those steps are required to obtain OAuth tokens for workspace management, so they are within the skill's purpose — but they involve collecting and storing sensitive credentials and an auth callback URL (which encodes authorization data). The instructions give the agent direct, unsupervised authority to handle secrets and to perform network operations, which raises confidentiality and exfiltration risk.
Install Mechanism
Install uses npm to install @googleworkspace/cli and creates the `gws` binary. Using npm for a CLI wrapper is expected and traceable; this is a common and proportionate install method. Note that npm packages are a moderate-risk install vector compared with trusted package repos, so verifying package origin is prudent.
Credentials
The skill does not require unrelated environment variables or credentials beyond what the gws workflow reasonably needs (credentials file, token, or service account JSON). The SKILL.md documents optional env vars like GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE and token usage. Requiring or asking for OAuth client_secret.json and exported credentials is proportionate to the declared functionality but is sensitive and should be minimized (prefer service accounts or pre-provisioned credentials).
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It instructs the agent to write credentials.json into the workspace (its own working area), which is normal for credential-driven CLI usage, but storing credentials in the agent workspace increases the risk that other skills or logs could access them — consider filesystem protections and least-privilege practices.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install google-workspace-rave - 安装完成后,直接呼叫该 Skill 的名称或使用
/google-workspace-rave触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Added explicit first-time setup & authentication workflow for AI agents
v1.0.1
Updated documentation to mark Headless server as the preferred method
v1.0.0
Initial publish under new name
元数据
常见问题
google-workspace-rave 是什么?
Manage Google Workspace via the `gws` CLI — Drive, Gmail, Calendar, Sheets, Docs, Chat, Admin, Tasks, Meet, Slides, Forms, Contacts, and every other Workspac... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 113 次。
如何安装 google-workspace-rave?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install google-workspace-rave」即可一键安装,无需额外配置。
google-workspace-rave 是免费的吗?
是的,google-workspace-rave 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
google-workspace-rave 支持哪些平台?
google-workspace-rave 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 google-workspace-rave?
由 eladrave(@eladrave)开发并维护,当前版本 v1.0.2。
推荐 Skills