Introduction

Since many YouTubers and developers have already explained how to connect and use OpenClaw, I’ll skip that part!

I wrote this troubleshooting log while building my OpenClaw AI assistant, hoping it might help other “vibe coders” (non-developers who can’t even write a for-loop) solve similar errors they might face.

First off, my coding skills(?) are non-existent. I’m a vibe coder who can’t actually write a for-loop or if-statement. LOL However, I took a machine learning course in college, so I have some theoretical background and can somewhat read existing Python or C++ code and guess, “Ah, so this is how it flows…” Please keep this in mind while reading!

Chronicles(1): Trusting AI with Gmail?

What if an AI assistant could read my emails, check my schedule, and even reply to important messages?

Sounds cool, right? So today, I took on the challenge. Connecting gog CLI to the OpenClaw open-source AI framework to access Google Workspace (Gmail, Calendar, Drive, etc.).

The result? Success! 🎉

…But the process wasn’t exactly smooth. lol

Step 1: Discovering the gog Skill

Initially, I thought about using an MCP (Model Context Protocol) server, which other developers mainly use. But while digging through the OpenClaw skills folder, I found a hidden treasure.

/home/myuser/.npm-global/lib/node_modules/openclaw/skills/gog/

There was already a Google Workspace-specific CLI called gog! 😲

What is gog?
A CLI tool to control Google Workspace from the terminal.
It can do almost anything: search Gmail, send emails, manage Calendar events, search Drive files, etc. It’s a built-in OpenClaw Skill.

Step 2: Google Cloud Console Setup (First Mistake)

To use OAuth authentication, you need to set it up in the Google Cloud Console.

What I did:

  1. ✅ Created a Project
  2. ✅ Enabled APIs (Gmail, Calendar, Drive, etc. - It’s convenient to do this in your existing Gemini API Project.)
  3. ✅ Created OAuth Client ID (Desktop app)
  4. ✅ Downloaded client_secret.json
  5. Configure OAuth Consent Screen Scopes… Forgot it

And confidently attempted authentication:

gog auth add [email protected] --services gmail,calendar,drive,contacts,docs,sheets

Result:

Access blocked: Authorization Error
Some requested scopes were invalid.
{valid=[...calendar], invalid=[...gmail, ...drive, ...contacts]}
400 Error: invalid_scope

😱 I hadn’t added the scopes to the OAuth Consent Screen!

Step 3: Adding Scopes and Retrying (Second Mistake)

Rushed back to Google Cloud Console:

  1. OAuth Consent ScreenEdit App
  2. Click “Add or Remove Scopes”
  3. Added all necessary scopes:
    • https://www.googleapis.com/auth/gmail.modify
    • https://www.googleapis.com/auth/drive
    • https://www.googleapis.com/auth/documents
    • https://www.googleapis.com/auth/spreadsheets
    • https://www.googleapis.com/auth/contacts
    • …and so on
  4. Added my email to Test Users

Tried again!

gog auth add [email protected] --services gmail,calendar,drive,contacts,docs,sheets

The browser opens, and the Google login screen appears. Approval complete! Other users, don’t be too hasty—just ask your AI assistant calmly!

💡 Pro Tip: When the Browser Doesn’t Open (Must-Read for WSL Users!)

If you are working in a Linux (WSL) environment like me, gog auth add might not open the browser automatically. Don’t panic! Copy the very long link (https://…) printed in the terminal and paste it into your Windows Chrome address bar. The login screen will appear perfectly!

Result:

Authorization received. Finishing…
store token: no TTY available for keyring file backend password prompt; 
set GOG_KEYRING_PASSWORD

😵 Failed again!

This time, it was an error because I tried to save the token in an encrypted keyring, but there was no terminal to input the password.

Step 4: Solving with Environment Variables (Finally Success!)

The solution was simple. Set the keyring password as an environment variable.

export GOG_KEYRING_PASSWORD="openclaw"
gog auth add [email protected] --services gmail,calendar,drive,contacts,docs,sheets

Browser opens, approve again…

Result:

Authorization received. Finishing…
email: [email protected]
services: calendar,contacts,docs,drive,gmail,sheets
client: default

🎉 Finally, Success!

Step 5: Testing - Does it Really Work?

export GOG_KEYRING_PASSWORD="openclaw"
gog gmail search 'newer_than:1d' --max 5 --account [email protected]

Result: The last 5 emails from the past 24 hours are printed cleanly! ✅

Calendar Check:

gog calendar events primary --from 2026-02-08T00:00:00+09:00 --to 2026-02-09T00:00:00+09:00 --account [email protected]

Result: No events (I had no schedule today lol) ✅

Perfect!

Step 6: Important Safety Mechanisms 🚨

This isn’t the end. Giving an AI permission to Gmail… can be more dangerous than you think.

Imagine:

  • Accidentally sending a love confession to the Finance Department manager? 😱
  • Sending insults to an important client? 🔥
  • Deleting important emails? 💀

So, I recommend creating Safety Rules!

🔴 Mandatory Approval Tasks (AI NEVER does these arbitrarily):

  1. Send Gmail (gog gmail send)
  2. Delete Gmail (All delete commands)
  3. Delete Drive Files
  4. Delete/Modify Calendar Events

✅ Safe Tasks (AI can do freely):

  • Search/Read Emails
  • Check Calendar Events
  • Search Drive Files
  • Create Drafts (Never send!)

How it Works:

  1. AI drafts the email
  2. Shows it to me: “Shall I send this content?”
  3. I explicitly approve: “Send”, “OK”, “Approve”
  4. Only then, it executes

“Better to ask twice than to apologize once!”

Step 7: Integration with OpenClaw and Final Experiment!

Finally, I added the gog skill to the OpenClaw configuration file.

openclaw gateway config.patch

Now my AI assistant can freely handle requests like:

  • “Show me emails I received today” 👀
  • “Tell me next week’s schedule”
  • “Find the budget file in Drive” 🔍

So, I asked it to mark today’s unread emails as read.

gog_before gog_request gog_after

It really succeeded…!! (I didn’t click it myself lol)

Lessons Learned 💡

1. OAuth is More Complex Than Expected

  • Enabling APIs isn’t enough.
  • You must explicitly add Scopes in the OAuth Consent Screen.
  • Don’t forget to add Test Users!

2. Environment Variables are Universal Solvers

  • When there’s no TTY, pass the password via environment variable.
  • GOG_KEYRING_PASSWORD="your-password"

3. Safety Mechanisms are Essential

  • Always follow the Principle of Least Privilege when granting permissions to AI.
  • Dangerous tasks (send, delete) must go through an approval step.

4. Read the Docs Carefully

  • If I had read gog --help first, I would have saved a lot of time lol

Conclusion

Thanks to today’s struggles, my AI assistant has become smarter! 🎉

Now it handles requests like “Mark today’s unread emails as read” with ease.

Next Goals:

  • Automatic email classification (Important/Spam)
  • Schedule-based automatic reminders
  • Automatic Drive file organization

With advancing technology, the era of working with AI has truly arrived. (Saving the non-coders…)

See you in the next chronicle of struggles!

Why not try raising your own AI assistant? 😊

References

P.S. My AI assistant helped write this post too. An era where AI writes its own struggle log about my mistakes… pretty funny. lol