Safety Report

Google Workspace CLI (gog)

Name: Google Workspace CLI (gog)
Rating: 5 (11 reviews)
Author: jx-76

@jx-76

Google Workspace CLI for Gmail, Calendar, Drive, Contacts, Sheets, and Docs.

8,999Downloads

16Installs

11Stars

2Versions

CLI & Shell Tools3,679 Calendar & Scheduling2,920 Documentation2,718 CRM & Sales2,146

Security Analysis

high confidence

Clean0.08 risk

The skill is internally consistent: it documents a CLI for Google Workspace, requires the gog binary and OAuth credentials (as expected), and its instructions align with that purpose.

Mar 17, 20262 files2 concerns

Purpose & Capabilityok

Name/description match the runtime instructions: all commands are standard gog CLI usage for Gmail/Calendar/Drive/Contacts/Sheets/Docs. The only required binary is 'gog', which is appropriate for a CLI integration.

Instruction Scopenote

SKILL.md asks the user to run gog auth commands and to supply a client_secret.json (OAuth client credentials) and optionally set GOG_ACCOUNT. These are expected for a Google Workspace CLI. The SKILL.md does reference an env var (GOG_ACCOUNT) that is not listed in the skill's declared requires.env, but this is harmless informational guidance rather than unexpected data collection.

Install Mechanismnote

The registry contains no formal install spec (instruction-only), which is low-risk. SKILL.md metadata suggests a brew formula (steipete/tap/gogcli). A third-party brew tap is a plausible install path but merits verification of the tap/source before installing.

Credentialsok

The skill declares no required environment variables or credentials. It does require OAuth client credentials (client_secret.json) for Google APIs — this is proportionate and expected for access to Gmail/Drive/etc. No unrelated secrets or unrelated services are requested.

Persistence & Privilegeok

Skill is not always-enabled and does not request elevated or persistent platform privileges. It does not instruct modifying other skills or system-wide agent settings.

Guidance

This skill appears to do what it says: it expects the 'gog' binary and Google OAuth credentials to operate on Gmail, Calendar, Drive, Contacts, Sheets, and Docs. Before installing or using it, verify the gog binary's provenance (check the upstream project or GitHub repo linked from https://gogcli.sh), and be cautious when adding OAuth client credentials — treat client_secret.json as sensitive and restrict scopes to the minimum needed. If you install via the suggested brew tap (steipete/tap/gogcli), inspect that tap's source first (third‑party taps can install arbitrary code). Finally, be mindful that using the CLI can read and send email and access files — confirm before any send/create actions and limit access where possible.

Latest Release

v1.0.1

Add tags for better discovery

Popular Skills

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Proactive Agent

@halthelobster · 426 stars

Summarize

@summarize · 415 stars

Published by @jx-76 on ClawHub