Skip to content
Marketplace · Drive & Docs
Drive & Docs skillsVerifiedUpdated May 6, 2026

Secure Google Docs Skill

Permission-aware document operations for Google Docs — create, read, append, share, rename, export — every write logged to PortEden's audit trail.

View on ClawHub

google-docs · documents · editing · permissions

What this skill does
PortEden Docs is the agent surface for Google Docs — create new documents, read content into the agent context, append paragraphs, share with new collaborators, rename, and export to PDF, DOCX, or TXT. The skill supports both interactive use (one command per action) and bulk use via a JSON operations file. Bulk mode is useful for templated workflows: ingest 200 client matters, render 200 docs from a template, share each with the matching attorney — one command, one audit log.

Example

Prompt

Create a status doc from our template for the Lighthouse matter and share it with the assigned attorney.

Output
ok  created "Lighthouse - Status" from template (google:1Ab...)
ok  shared with j.rivera@firm.com   role=writer

read returns redacted, paragraph-structured content; the share is logged to audit.
Required tools
Google Docs
Compatible agents
OpenClawGrok BuildAny CLI-compatible agent

Add to your agent

Steps 1–2 are identical for every agent — install the porteden binary and authenticate once. Step 3 registers the skill with your runtime.

1

Install the PortEden CLI

OpenClaw skills delegate every API call to the porteden binary. Install once with Homebrew or Go.

brew install porteden/tap/porteden 
# or
go install github.com/porteden/cli/cmd/porteden@latest
2

Authenticate

Browser-based login is recommended — credentials are written to your OS keyring. Token-based login is available for headless environments.

porteden auth login 
# headless / CI
porteden auth login --token <PE_API_KEY> 
porteden auth status
3

Install the porteden-docs skill

OpenClaw fetches the signed skill bundle and registers its commands with the agent.

openclaw skills install porteden-docs

The SKILL.md

The canonical, copy-paste-able skill definition your agent loads.

SKILL.md · porteden-docs · v1.0.0 · MIT-0

porteden docs

Use porteden docs for Google Docs content operations and file management. Use -jc flags for AI-optimized output.

If porteden is not installed: brew install porteden/tap/porteden (or go install github.com/porteden/cli/cmd/porteden@latest).

Setup (once)

  • Browser login (recommended): porteden auth login — opens browser, credentials stored in system keyring
  • Direct token: porteden auth login --token <key> — stored in system keyring
  • Verify: porteden auth status
  • If PE_API_KEY is set in the environment, the CLI uses it automatically (no login needed).
  • Drive access requires a token with driveAccessEnabled: true and a connected Google account with Drive scopes.

Docs commands (porteden docs)

Content

  • Create new doc: porteden docs create --name "Meeting Notes"
  • Create in folder: porteden docs create --name "Brief" --folder google:0B7_FOLDER
  • Read content (plain text): porteden docs read google:DOCID
  • Read structured (full Google Docs API JSON): porteden docs read google:DOCID --format structured -j
  • Append text: porteden docs edit google:DOCID --append "New paragraph."
  • Insert at start: porteden docs edit google:DOCID --insert "Header text" --at 1
  • Find and replace: porteden docs edit google:DOCID --find "old text" --replace "new text"
  • Multiple replacements: porteden docs edit google:DOCID --find "foo" --replace "bar" --find "baz" --replace "qux"
  • Bulk ops from file: porteden docs edit google:DOCID --ops-file ./ops.json

File management

  • Get export links (pdf, docx, txt): porteden docs download google:DOCID -jc
  • Share: porteden docs share google:DOCID --type user --role writer --email user@example.com
  • Share publicly: porteden docs share google:DOCID --type anyone --role reader
  • List permissions: porteden docs permissions google:DOCID -jc
  • Rename: porteden docs rename google:DOCID --name "New Title"
  • Delete (trash): porteden docs delete google:DOCID -y

Ops file format

--ops-file accepts a JSON array of operations:

[
  {"type": "appendText", "text": "New paragraph at end."},
  {"type": "insertText", "text": "Header", "index": 1},
  {"type": "replaceText", "find": "old phrase", "replace": "new phrase", "matchCase": true}
]

Notes

  • Credentials persist in the system keyring after login. No repeated auth needed.
  • Set PE_PROFILE=work to avoid repeating --profile.
  • -jc is shorthand for --json --compact: strips noise, limits fields, reduces tokens for AI agents.
  • File IDs are always provider-prefixed (e.g., google:1BxiMVs0XRA5...). Pass them as-is.
  • porteden docs read returns plain text by default; use --format structured for full API JSON with headings and formatting.
  • --find and --replace are repeatable and must be used in matched pairs. --ops-file is mutually exclusive with inline edit flags.
  • porteden docs download returns URLs only — no binary content is streamed.
  • accessInfo in responses describes active token restrictions.
  • delete moves to trash (reversible). Files can be restored from Google Drive trash.
  • Confirm before sharing or deleting.
  • Environment variables: PE_API_KEY, PE_PROFILE, PE_FORMAT, PE_COLOR, PE_VERBOSE.

How it works

01

Read returns redacted content

docs read google:DOCID returns paragraph-structured JSON with PortEden's redaction policy applied. The structure (headings, lists, links) is preserved; identifier strings are masked unless the agent has consent to fetch raw.

02

Append vs replace edits

docs edit --append adds content to the end of the doc; --insert-at <index> places it at a paragraph index; --replace-range start:end overwrites. Append is the default because it composes safely with concurrent human edits.

porteden docs edit google:DOCID --append "## Status update\nAll items on track."
03

Bulk operations via --ops-file

Bulk mode reads a JSON array of operations and applies them in order with one consolidated audit entry. The JSON schema mirrors the single-op CLI so testing is symmetric.

Deploy org-wide

The same firewall behind every PortEden skill

  • Provision to teams with role-based access policies
  • Identity-aware execution — every call ties back to a user
  • Signed, version-pinned skills
  • Full audit trail on every tool call
  • Field-level redaction at egress
See enterprise controls
PortEden · v1.0.0 · MIT-0
Source on ClawHub

Frequently asked questions

Can the agent read a full document into its context?
read returns paragraph-structured JSON with PortEden's redaction policy applied. Structure (headings, lists, links) is preserved; identifier strings are masked unless the user has consented to a raw fetch.
How do edits avoid clobbering human changes?
edit --append adds to the end of the doc and is the default because it composes safely with concurrent human edits. --insert-at and --replace-range are available when you need them.
Can it process many documents at once?
Yes. Bulk mode reads a JSON operations file and applies them in order with one consolidated audit entry, useful for templated, high-volume workflows.
Which agents can install it?
OpenClaw, Grok Build, or any CLI-compatible agent through the porteden binary.

Related Skills

Install Secure OpenClaw Google Docs Skill Without Inheriting the Audit Tail

Browser auth, keyring-bound credentials, server-side audit log. The same data firewall behind every PortEden integration.

Talk to sales

Regulated org or 200+ seats? Talk to sales →