Secure OpenClaw Google Docs Skill
Permission-aware document operations for Google Docs — create, read, append, share, rename, export — every write logged to PortEden's audit trail.
google-docs · documents · editing · permissions
porteden docs
Use porteden docs for Google Docs content operations and file management. Use -jc flags for AI-optimized output.
If porteden is not installed: brew install porteden/tap/porteden (or go install github.com/porteden/cli/cmd/porteden@latest).
Setup (once)
- Browser login (recommended):
porteden auth login— opens browser, credentials stored in system keyring - Direct token:
porteden auth login --token <key>— stored in system keyring - Verify:
porteden auth status - If
PE_API_KEYis set in the environment, the CLI uses it automatically (no login needed). - Drive access requires a token with
driveAccessEnabled: trueand a connected Google account with Drive scopes.
Docs commands (porteden docs)
Content
- Create new doc:
porteden docs create --name "Meeting Notes" - Create in folder:
porteden docs create --name "Brief" --folder google:0B7_FOLDER - Read content (plain text):
porteden docs read google:DOCID - Read structured (full Google Docs API JSON):
porteden docs read google:DOCID --format structured -j - Append text:
porteden docs edit google:DOCID --append "New paragraph." - Insert at start:
porteden docs edit google:DOCID --insert "Header text" --at 1 - Find and replace:
porteden docs edit google:DOCID --find "old text" --replace "new text" - Multiple replacements:
porteden docs edit google:DOCID --find "foo" --replace "bar" --find "baz" --replace "qux" - Bulk ops from file:
porteden docs edit google:DOCID --ops-file ./ops.json
File management
- Get export links (pdf, docx, txt):
porteden docs download google:DOCID -jc - Share:
porteden docs share google:DOCID --type user --role writer --email user@example.com - Share publicly:
porteden docs share google:DOCID --type anyone --role reader - List permissions:
porteden docs permissions google:DOCID -jc - Rename:
porteden docs rename google:DOCID --name "New Title" - Delete (trash):
porteden docs delete google:DOCID -y
Ops file format
--ops-file accepts a JSON array of operations:
[
{"type": "appendText", "text": "New paragraph at end."},
{"type": "insertText", "text": "Header", "index": 1},
{"type": "replaceText", "find": "old phrase", "replace": "new phrase", "matchCase": true}
]Notes
- Credentials persist in the system keyring after login. No repeated auth needed.
- Set
PE_PROFILE=workto avoid repeating--profile. -jcis shorthand for--json --compact: strips noise, limits fields, reduces tokens for AI agents.- File IDs are always provider-prefixed (e.g.,
google:1BxiMVs0XRA5...). Pass them as-is. porteden docs readreturns plain text by default; use--format structuredfor full API JSON with headings and formatting.--findand--replaceare repeatable and must be used in matched pairs.--ops-fileis mutually exclusive with inline edit flags.porteden docs downloadreturns URLs only — no binary content is streamed.accessInfoin responses describes active token restrictions.deletemoves to trash (reversible). Files can be restored from Google Drive trash.- Confirm before sharing or deleting.
- Environment variables:
PE_API_KEY,PE_PROFILE,PE_FORMAT,PE_COLOR,PE_VERBOSE.
The capability, in one paragraph
Docs is where SMBs accumulate their most sensitive prose: client memos, board minutes, employee reviews, contract redlines. Every "summarize this for me" prompt against Gemini or Claude pastes that prose into a vendor model. PortEden Docs lets the agent produce, share, and triage docs without ever streaming the full body to the upstream model.
A few flags, predictable output
Read returns redacted content
docs read google:DOCID returns paragraph-structured JSON with PortEden's redaction policy applied. The structure (headings, lists, links) is preserved; identifier strings are masked unless the agent has consent to fetch raw.
Append vs replace edits
docs edit --append adds content to the end of the doc; --insert-at <index> places it at a paragraph index; --replace-range start:end overwrites. Append is the default because it composes safely with concurrent human edits.
porteden docs edit google:DOCID --append "## Status update\nAll items on track." Bulk operations via --ops-file
Bulk mode reads a JSON array of operations and applies them in order with one consolidated audit entry. The JSON schema mirrors the single-op CLI so testing is symmetric.
Five minutes, three commands
Install the PortEden CLI
OpenClaw skills delegate every API call to the porteden binary. Install once with Homebrew or Go.
brew install porteden/tap/porteden # orgo install github.com/porteden/cli/cmd/porteden@latest Authenticate
Browser-based login is recommended — credentials are written to your OS keyring. Token-based login is available for headless environments.
porteden auth login # headless / CIporteden auth login --token <PE_API_KEY> porteden auth status Install the porteden-docs skill
OpenClaw fetches the signed skill bundle and registers its commands with the agent.
openclaw skills install porteden-docs Install Secure OpenClaw Google Docs Skill in five minutes. No credit card required.
Free tier covers personal Gmail, Outlook, Google Calendar, and Drive accounts. Upgrade for organization-wide policy and audit log.
Related Skills
Install Secure OpenClaw Google Docs Skill Without Inheriting the Audit Tail
Browser auth, keyring-bound credentials, server-side audit log. The same data firewall behind every PortEden integration.
Regulated org or 200+ seats? Talk to sales →