Safety Report

gogcli - Google Workspace CLI

Name: gogcli - Google Workspace CLI
Rating: 5 (5 reviews)
Author: luccast

Command-line tool to manage Google Workspace services including Gmail, Calendar, Drive, Sheets, Docs, Slides, Contacts, Tasks, People, Groups, and Keep.

6,300Downloads

72Installs

5Stars

1Versions

Project Management1,537 Calendar & Scheduling1,462 Documentation1,163 CRM & Sales861

Security Analysis

high confidence

Clean0.08 risk

The skill's instructions and requirements are consistent with a Google Workspace CLI: it asks you to install a third-party CLI, create OAuth credentials, and use that tool to operate Gmail/Drive/Calendar, which matches the stated purpose.

Feb 11, 20261 files2 concerns

Purpose & Capabilityok

Name and runtime instructions align: SKILL.md documents a Google Workspace CLI, how to install it (brew or build from GitHub), how to provision OAuth client credentials, and example commands for Gmail/Drive/Calendar/etc. There are no unrelated credential or binary requirements.

Instruction Scopeok

Instructions stay within the scope of installing and using a CLI to access Google Workspace: they reference only the OAuth client JSON (~/Downloads) and the tool's config directory (~/.config/gog). There are no instructions to read unrelated system files or exfiltrate data to unexpected endpoints. The use of a localhost redirect (http://localhost:8085/callback) is normal for desktop OAuth flows.

Install Mechanismnote

The SKILL.md recommends installing from a third-party Homebrew tap (steipete/tap/gogcli) or cloning https://github.com/steipete/gogcli and running make. That is expected for a CLI but means you will be installing/running third-party code — review the repository and release source before installing.

Credentialsnote

The skill declares no environment variables, which is consistent with the instructions. It does require creating Google OAuth client credentials and will store tokens under ~/.config/gog. OAuth tokens can grant broad access depending on scopes requested, so the credential request is proportional but sensitive.

Persistence & Privilegeok

The skill does not request always:true or other elevated platform privileges. The only persistent artifact mentioned is the tool's credential storage in ~/.config/gog, which is standard for a CLI managing OAuth tokens.

Guidance

This SKILL.md is coherent for a Google Workspace CLI, but before installing or following its steps: 1) Verify the upstream project (https://github.com/steipete/gogcli and the steipete Homebrew tap) — check stars, commits, releases, and README to ensure you trust it. 2) When creating OAuth credentials, restrict scopes to the minimum needed and use a project you control; understand that access tokens grant the tool access to your Gmail/Drive/Calendar depending on scopes. 3) Be cautious building and running third-party code (make/sudo make install) — review source or use official releases. 4) Know where tokens are stored (~/.config/gog) and how to revoke access in Google Cloud Console if needed. If you want a higher-assurance path, prefer official Google tools or well-audited third-party clients.

Latest Release

v1.0.0

Clean version without hardcoded credentials. Supports Gmail, Calendar, Drive, Sheets, Docs, Slides, Contacts, Tasks, People, Groups, Keep.

More by @luccast

Crabwalk

3 stars

Crabwalk

2 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Published by @luccast on ClawHub