# Send Google Workspace BYOK to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "google-workspace-byok",
    "name": "Google Workspace BYOK",
    "source": "tencent",
    "type": "skill",
    "category": "效率提升",
    "sourceUrl": "https://clawhub.ai/kyesh/google-workspace-byok",
    "canonicalUrl": "https://clawhub.ai/kyesh/google-workspace-byok",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/google-workspace-byok",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=google-workspace-byok",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "SKILL.md",
      "scripts/setup.js",
      "scripts/auth.js",
      "scripts/gmail.js",
      "scripts/shared.js",
      "scripts/package.json"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "google-workspace-byok",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-30T03:38:38.946Z",
      "expiresAt": "2026-05-07T03:38:38.946Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=google-workspace-byok",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=google-workspace-byok",
        "contentDisposition": "attachment; filename=\"google-workspace-byok-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "google-workspace-byok"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/google-workspace-byok"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/google-workspace-byok",
    "downloadUrl": "https://openagent3.xyz/downloads/google-workspace-byok",
    "agentUrl": "https://openagent3.xyz/skills/google-workspace-byok/agent",
    "manifestUrl": "https://openagent3.xyz/skills/google-workspace-byok/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/google-workspace-byok/agent.md"
  }
}
```
## Documentation

### Google Workspace BYoK (Bring Your Own Key)

Direct Google Calendar and Gmail API access using your own GCP project OAuth2 credentials. Supports multiple Google accounts.

### Prerequisites

Node.js (v18+)
A Google Cloud project with Calendar and Gmail APIs enabled
OAuth2 Desktop app credentials from your GCP project

### Step 1: Install Dependencies

cd {baseDir}/scripts && npm install

This installs googleapis (Google API client) and mupdf (PDF text extraction for email attachments).

### Step 2: Create a Google Cloud Project

Go to Google Cloud Console and create a new project (or use an existing one)
Enable the Google Calendar API and Gmail API:

Go to APIs & Services → Library
Search for "Google Calendar API" → click Enable
Search for "Gmail API" → click Enable

### Step 3: Configure the OAuth Consent Screen

Go to Google Auth Platform → Audience (direct link)
If prompted, configure the consent screen:

App name: anything (e.g., "OpenClaw")
User support email: your email
Scopes: skip (the auth script requests scopes at runtime)


If your app is in Testing publishing status (the default), add every Google account you want to authorize as a test user:

Under Test users, click Add users
Enter the email addresses of each account you'll connect
Save

⚠️ Important: Apps in "Testing" status have a 7-day token expiry. To get long-lived tokens, publish your app to "Production" in the Audience settings. For personal Gmail accounts (External user type), you can skip Google's verification review — you'll just see an "unverified app" warning during consent. This is fine for personal use.

### Step 4: Create OAuth Credentials

Go to Google Auth Platform → Clients (direct link)
Click Create Client → choose Desktop app as the application type
Name it whatever you like (e.g., "OpenClaw")
Click Create and download the credentials JSON
Run the setup script:

node {baseDir}/scripts/setup.js --credentials /path/to/downloaded-credentials.json

This copies your credentials to ~/.openclaw/google-workspace-byok/credentials.json.

### Step 5: Authorize Google Accounts

For each Google account you want to connect:

node {baseDir}/scripts/auth.js --account <label>

The <label> is a friendly name you'll use to reference this account (e.g., "personal", "work", "household").

Auth flow:

The script prints an authorization URL
Open the URL in your browser and sign in with the Google account
Grant the requested permissions
You'll be redirected to http://localhost/... — the page won't load, and that's expected
Copy the full URL from your browser's address bar and paste it back into the script
The script exchanges the code for tokens and saves them

Scopes requested (default — read/write):

calendar — Full read/write access to Google Calendar
gmail.readonly — Read-only access to Gmail

Pass --readonly to request read-only calendar access instead.

Tokens are stored in ~/.openclaw/google-workspace-byok/tokens/<label>.json.

### Usage

All scripts are in {baseDir}/scripts/. Run them with node.

### Calendar

# List all calendars
node {baseDir}/scripts/calendar.js --account <label> --action list-calendars

# List upcoming events (default: next 7 days, primary calendar)
node {baseDir}/scripts/calendar.js --account <label> --action events

# List events with options
node {baseDir}/scripts/calendar.js --account <label> --action events --calendar <calendarId> --days <number> --max <number>

# Get a specific event
node {baseDir}/scripts/calendar.js --account <label> --action get-event --calendar <calendarId> --event-id <eventId>

# Check free/busy
node {baseDir}/scripts/calendar.js --account <label> --action freebusy --days <number>

### Gmail

# List recent emails (default: 10)
node {baseDir}/scripts/gmail.js --account <label> --action list

# Search emails
node {baseDir}/scripts/gmail.js --account <label> --action list --query "from:someone@example.com" --max 20

# Read a specific email (includes attachment metadata with IDs)
node {baseDir}/scripts/gmail.js --account <label> --action read --message-id <messageId>

# Download all attachments from an email
node {baseDir}/scripts/gmail.js --account <label> --action attachment --message-id <messageId> --out-dir /tmp/attachments

# Download a specific attachment
node {baseDir}/scripts/gmail.js --account <label> --action attachment --message-id <messageId> --attachment-id <id> --out-dir /tmp

# List labels
node {baseDir}/scripts/gmail.js --account <label> --action labels

Gmail search uses the same query syntax as the Gmail web search box (e.g., is:unread, from:, newer_than:1d, has:attachment).

### Reading PDF Attachments

The skill includes mupdf for extracting text from PDF attachments — useful for newsletters, invoices, school letters, etc. It handles multilingual text (Japanese, Chinese, etc.) well.

# 1. Download the attachment
mkdir -p /tmp/attachments
node {baseDir}/scripts/gmail.js --account <label> --action attachment --message-id <id> --out-dir /tmp/attachments

# 2. Extract text from the PDF
node --input-type=module -e "
import * as mupdf from '{baseDir}/scripts/node_modules/mupdf/dist/mupdf.js';
import fs from 'fs';
const data = fs.readFileSync('/tmp/attachments/filename.pdf');
const doc = mupdf.Document.openDocument(data, 'application/pdf');
for (let i = 0; i < doc.countPages(); i++) {
  const page = doc.loadPage(i);
  console.log(page.toStructuredText('preserve-whitespace').asText());
}
"

Note: mupdf is an ESM module — use node --input-type=module with import syntax, not require().

### Account Management

# List configured accounts
node {baseDir}/scripts/accounts.js --action list

# Check token status
node {baseDir}/scripts/accounts.js --action status --account <label>

### File Layout

~/.openclaw/google-workspace-byok/
├── credentials.json          # Your GCP OAuth credentials
└── tokens/
    ├── personal.json          # Token for "personal" account
    └── work.json              # Token for "work" account

### Error 403: access_denied — "has not completed the Google verification process"

Your app is in Testing mode and the Google account isn't listed as a test user. Fix: Google Auth Platform → Audience → Test users → Add the email.

### Error: invalid_grant

The refresh token expired or was revoked. Re-run node {baseDir}/scripts/auth.js --account <label> to re-authorize.

### Tokens expire after 7 days

Apps in "Testing" publishing status issue tokens that expire after 7 days. Publish your app to "Production" for long-lived tokens. For personal Gmail (External user type), you can skip verification and just accept the "unverified app" warning.

### Error: redirect_uri_mismatch

Your credentials.json doesn't include http://localhost as a redirect URI. Edit your OAuth client in GCP Console → Authorized redirect URIs → add http://localhost.

### npm install fails or mupdf won't install

mupdf requires a C++ build toolchain on some platforms. If it fails, you can still use all other features — PDF text extraction is the only feature that requires it. Try: npm install --ignore-scripts to skip native compilation, then install mupdf separately if needed.
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: kyesh
- Version: 1.0.0
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-30T03:38:38.946Z
- Expires at: 2026-05-07T03:38:38.946Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/google-workspace-byok)
- [Send to Agent page](https://openagent3.xyz/skills/google-workspace-byok/agent)
- [JSON manifest](https://openagent3.xyz/skills/google-workspace-byok/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/google-workspace-byok/agent.md)
- [Download page](https://openagent3.xyz/downloads/google-workspace-byok)