Manage Google Photos library. Upload photos, create albums, and list library content. Use when the user wants to backup, organize, or share images via Google Photos.
Security Analysis
high confidenceThe skill's code and instructions match its stated purpose (Google Photos management); no obvious attempts to exfiltrate data or contact unexpected endpoints were found, though there are some operational and minor security considerations to review before use.
Name, description, SKILL.md, and the included Python script all align: they enable listing albums, creating albums, and uploading photos via the Google Photos Library API (photoslibrary.googleapis.com). The requested OAuth flow and use of credentials.json/token files are consistent with this purpose.
SKILL.md instructs running the included script and storing OAuth credentials/tokens locally — consistent with the task. It does not ask the agent to read unrelated system files or external endpoints. Minor scope issues: SKILL.md asserts a local Python virtualenv but provides no install/setup steps for dependencies, and it doesn't declare the expected token filename in the registry metadata (the script uses token_photos.pickle by default).
This is instruction-only (no install spec). The script imports google-auth and related libraries but the skill provides no pip/installation instructions. Operationally this means users must install dependencies themselves; not inherently dangerous but could cause confusion.
The skill requests no environment variables or cloud credentials in registry metadata (none are required). Instead it relies on local OAuth credential files (credentials.json and a token pickle). That is proportional to the stated purpose, but users must not accept third-party token pickle files because pickle deserialization is unsafe if the file is maliciously modified.
The skill does not request permanent inclusion (always not set) and does not require extra privileges. It runs interactively and requires user action to authorize the OAuth flow, so it cannot silently obtain credentials without user involvement.
Guidance
This skill appears to do what it says (manage Google Photos) and only contacts Google Photos endpoints. Before installing or running it: 1) Use your own Google Cloud OAuth client credentials (do not use credentials supplied by others). 2) Inspect the script locally — it stores OAuth tokens as a pickle file (token_photos.pickle); do not load token files provided by untrusted sources because pickle deserialization can execute code. 3) Install required Python libraries in a controlled virtualenv (the script's shebang points to an absolute venv path which may be invalid — replace it or run with your Python). 4) Confirm you are comfortable storing credentials.json and the token file on the local filesystem and follow Google best practices. 5) If you need non-interactive use, add explicit installation steps and locking of token storage; otherwise run interactively so you control authorization. If you want, I can produce a checklist or a small README with safe install and usage commands (pip install requirements, how to create OAuth client, how to run) before you proceed.
Latest Release
v1.0.0
Google Photos Manager for OpenClaw Streamline your memories with automated Google Photos management. This skill empowers your OpenClaw agent to interact directly with the Google Photos Library API. It moves beyond simple file storage, allowing for a truly organized photo library with support for automated uploads and smart album management. Key Features • Automated Photo Uploads: Seamlessly send images to your Google Photos library. • Smart Album Organization: Create new albums on the fly or add photos to existing ones (e.g., "Family", "Travel", "Hobby"). • Library Inspection: List and retrieve IDs for your existing albums for precise organization. • Privacy-First Design: Operates using your own Google Cloud credentials, ensuring your memories remain under your exclusive control. Perfect For • Chat Backups: Automatically save photos received via Telegram, WhatsApp, or Signal directly to a "Chat Photos" album. • Project Tracking: Use your agent to document progress on DIY projects, 3D printing, or gardening by sending photos to dedicated albums. • Family Sharing: Keep shared family albums updated without manual effort. Setup Summary 1. Enable the API: Activate the "Google Photos Library API" in your Google Cloud Console. 2. OAuth Credentials: Provide a credentials.json file (OAuth 2.0 Client ID) to the script. 3. One-Time Auth: Run the script once to perform a secure OAuth flow and generate your local access token. Technical Note Built with Python, this skill uses a dedicated virtual environment to ensure stability and avoid dependency conflicts. It is designed to be lean, fast, and easily scriptable within your OpenClaw workflows.
More by @jorgermp
Published by @jorgermp on ClawHub
