← 返回 Skills 市场
Google Workspace
作者
PanthroCorp
· GitHub ↗
· v0.5.2
· MIT-0
326
总下载
0
收藏
0
当前安装
6
版本数
在 OpenClaw 中安装
/install panthrocorp-google-workspace
功能描述
Gmail, Contacts, Calendar, Drive (with comments), Docs, and Sheets for OpenClaw agents
安全使用建议
This skill appears to implement exactly what it advertises: a Google Workspace CLI that uses OAuth and encrypts the refresh token with a provided key. Before installing: 1) Confirm you created the OAuth Desktop client in your Google Cloud project and only provide the CLIENT_ID/SECRET to this instance; 2) Provide GOOGLE_WORKSPACE_TOKEN_KEY from a secure secret store so the token at rest is encrypted; 3) If you want maximum assurance, either verify the release checksums in dist/checksums.txt or build the binary from source yourself (go build); 4) Keep Docs/Sheets/Drive in 'off' or 'readonly' unless you deliberately enable readwrite — the binary warns that readwrite requires broad Drive scopes; 5) Note the repo/publish metadata mismatch (no formal install spec in registry) — if you rely on automatic installers, verify how clawhub will obtain and install the binary. If any of these points are unacceptable or unclear, do not install until resolved.
功能分析
Type: OpenClaw Skill
Name: panthrocorp-google-workspace
Version: 0.5.2
The Google Workspace skill is a well-architected and security-focused integration for Gmail, Calendar, Contacts, Drive, Docs, and Sheets. It implements multiple layers of defense, including hardcoded read-only access for sensitive services (Gmail/Contacts), configuration-gated write operations for others, and AES-256-GCM encryption for stored OAuth tokens using a user-provided key (GOOGLE_WORKSPACE_TOKEN_KEY). The code (cmd/ and internal/google/) strictly follows the stated security boundaries, and no evidence of data exfiltration or malicious intent was found.
能力标签
能力评估
Purpose & Capability
Name and description match the implementation: CLI commands for Gmail, Calendar, Contacts, Drive, Docs, and Sheets are present. The three required environment variables (OAuth client ID/secret and an encryption key for tokens) are appropriate and necessary for the described OAuth flows and encrypted token storage. Requiring the google-workspace binary is consistent with the provided Go source and dist artifacts.
Instruction Scope
SKILL.md and the code instruct the agent/operator to install the binary, run an interactive OAuth Desktop flow, and operate only on the configured services. The instructions and commands reference only service-specific config and token files and do not ask the agent to read unrelated system files or additional secrets. The README and code explicitly warn about scope escalation (e.g., full Drive scope) and Advanced Protection errors.
Install Mechanism
Installation instructions download a prebuilt tarball from the project's GitHub Releases (well-known host) and extract a binary to ~/.openclaw/bin — this is a common pattern and acceptable but carries the normal risk of installing a binary. Registry metadata lists no formal install spec even though source and dist artifacts exist; this packaging/metadata mismatch should be noted. The repo includes dist/checksums.txt and artifacts.json — verify checksums/signatures before running the binary if you require higher assurance, or build from source (Go) as README suggests.
Credentials
The three required environment variables (GOOGLE_WORKSPACE_TOKEN_KEY, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET) are directly tied to the OAuth + encrypted token storage functionality. No unrelated credentials or broad system secrets are requested. The SKILL.md also mentions an optional GOOGLE_WORKSPACE_CONFIG_DIR (not listed in requires.env) which is a harmless override for config location.
Persistence & Privilege
The skill does persist an encrypted OAuth token to disk (default ~/.openclaw/credentials/google-workspace/token.enc) and expects the encryption key from an env var — this is explicit in the docs and code. The skill does not request elevated platform privileges, does not set always:true, and does not modify other skills. Autonomous invocation is allowed by default but not combined with elevated privileges or unrelated credential access.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install panthrocorp-google-workspace - 安装完成后,直接呼叫该 Skill 的名称或使用
/panthrocorp-google-workspace触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.5.2
- Release v0.5.2
- Updated version number in documentation and metadata
- No user-facing feature changes or new capabilities
- All usage instructions, limitations, and commands remain unchanged
v0.5.1
- Internal files updated: artifacts.json, checksums.txt, metadata.json, and main.go.
- No user-facing changes to documentation or features.
v0.5.0
Version 0.5.0 — Adds Google Docs and Sheets support, enhances Drive, and updates configuration options.
- New: Google Docs and Google Sheets commands with configurable access (read-only or read-write).
- New: Drive now supports comments (list, add, reply); write access can be enabled for comments only.
- Breaking: Mode/configuration controls extended to Docs, Sheets, and Drive (beyond Calendar).
- Docs and Sheets support is disabled by default; enable via `config set`.
- Security note: Setting Drive to readwrite mode grants broad access via the OAuth token; only enable if acceptable.
- Documentation updated to reflect all new capabilities, usage, and configuration options.
v0.4.3
- Added support for Google Drive (read-only): list, search, get metadata, and download files.
- Updated documentation to include Drive usage and installation instructions.
- Improved project metadata and clarified supported features.
- Minor corrections and enhancements across Calendar, Gmail, and Contacts command documentation.
v0.2.0
- Added troubleshooting guidance for Google accounts with Advanced Protection: how to address "Error 400: policy_enforced" during authentication.
- Documentation updates in SKILL.md and related files.
- New CLAUDE.md file added.
v0.1.0
- Initial release of Google Workspace skill for OpenClaw agents.
- Provides read-only access to Gmail and Contacts.
- Offers configurable (readonly or readwrite) access to Google Calendar.
- Includes commands for searching, reading, and listing Gmail messages and contacts.
- Supports calendar event creation, updating, and deletion when in readwrite mode.
- All commands default to JSON output; plain text available with `--output text` option.
- Authentication managed via environment variables, with status checks and re-authentication guidance.
元数据
常见问题
Google Workspace 是什么?
Gmail, Contacts, Calendar, Drive (with comments), Docs, and Sheets for OpenClaw agents. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 326 次。
如何安装 Google Workspace?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install panthrocorp-google-workspace」即可一键安装,无需额外配置。
Google Workspace 是免费的吗?
是的,Google Workspace 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Google Workspace 支持哪些平台?
Google Workspace 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux)。
谁开发了 Google Workspace?
由 PanthroCorp(@panthrocorp)开发并维护,当前版本 v0.5.2。
推荐 Skills