← 返回 Skills 市场
644
总下载
1
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install praxis-gws
功能描述
Google Workspace CLI for Gmail, Calendar, and Drive. Official Google APIs wrapper for secure, direct API access without third-party proxies. Use when managin...
安全使用建议
This CLI largely does what it claims, but take these precautions before installing or running it: (1) inspect the included script yourself — pay attention to the line that requires googleapis from a global path (it forces a global installation and could load a tampered global package); (2) ensure Node.js is installed and consider installing dependencies locally rather than globally, or modify the script to require('googleapis') normally; (3) create a dedicated Google Cloud project and OAuth client for this tool and review the OAuth consent screen before clicking through 'unverified app' warnings; (4) be aware tokens/credentials will be stored under ~/.config/praxis-gws — protect or isolate that directory; (5) prefer running this in an isolated account/container if you cannot verify the source; and (6) higher confidence would require a trusted source URL, publisher identity, or an install spec that doesn't rely on global modules.
功能分析
Type: OpenClaw Skill
Name: praxis-gws
Version: 1.0.0
The skill is classified as suspicious due to its broad API permissions and the direct passing of user/agent-controlled input to powerful Google Workspace APIs without explicit sanitization within the skill's code. While the `SKILL.md` documentation is benign and the `scripts/praxis-gws.js` code uses official libraries and performs legitimate file operations for configuration, the combination of `gmail.modify`, `calendar`, and `drive.readonly` scopes allows for significant actions (sending emails, managing calendars, reading drive files). This makes the skill a powerful tool that could be abused by a prompt-injected AI agent to perform harmful actions via API abuse, such as sending phishing emails or searching for sensitive documents, even though the skill itself does not exhibit malicious intent.
能力评估
Purpose & Capability
The script's behavior (Gmail, Calendar, Drive operations) matches the skill description and required OAuth scopes. However the registry metadata claims no required binaries while the SKILL.md and code require Node.js and the 'googleapis' package; the description calling this the 'official' wrapper is ambiguous (it uses Google's official library, but the CLI itself is a third-party script).
Instruction Scope
SKILL.md instructions are focused on obtaining OAuth credentials, configuring the CLI, and using Gmail/Calendar/Drive commands. It explicitly tells the user how to run the OAuth flow and where tokens are stored. It does instruct the user to click through the 'unverified app' warning, which is a normal but security-sensitive step for unverified OAuth clients.
Install Mechanism
There is no formal install spec in registry metadata; SKILL.md recommends 'npm install -g googleapis' and the script loads googleapis via an absolute/global path (process.env.PREFIX || '/usr/local' + '/lib/node_modules/googleapis/...'). Relying on a global install and forcing a specific global path is fragile and unusual — it increases risk because global modules can be modified by other users/administrators and could cause the script to load a different package than expected.
Credentials
The script does not request unrelated credentials; it requires user-provided Google OAuth client credentials and stores tokens locally (~/.config/praxis-gws/token.json). The OAuth scopes (gmail.modify, calendar, drive.readonly) are broad but consistent with advertised features (sending/modifying mail, creating events, reading Drive). The skill uses environment variables PREFIX and HOME implicitly; these are not declared in metadata but are typical and not sensitive.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. It persists OAuth tokens and credentials under the user's home (~/.config/praxis-gws), which is expected. It does not modify other skills or system-wide configs beyond creating that directory.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install praxis-gws - 安装完成后,直接呼叫该 Skill 的名称或使用
/praxis-gws触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Gmail, Calendar, Drive CLI using official Google APIs
元数据
常见问题
Praxis Google Workspace 是什么?
Google Workspace CLI for Gmail, Calendar, and Drive. Official Google APIs wrapper for secure, direct API access without third-party proxies. Use when managin... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 644 次。
如何安装 Praxis Google Workspace?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install praxis-gws」即可一键安装,无需额外配置。
Praxis Google Workspace 是免费的吗?
是的,Praxis Google Workspace 完全免费(开源免费),可自由下载、安装和使用。
Praxis Google Workspace 支持哪些平台?
Praxis Google Workspace 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Praxis Google Workspace?
由 JFab68(@jfab68)开发并维护,当前版本 v1.0.0。
推荐 Skills