Secure OpenClaw Google Drive Skill
List, search, upload, organize, share, and manage Google Drive files from an OpenClaw agent — with permission changes audited and risky scopes blocked at the firewall.
google-drive · files · permissions · sharing
porteden drive
Use porteden drive for Google Drive file and folder management. Use -jc flags for AI-optimized output.
If porteden is not installed: brew install porteden/tap/porteden (or go install github.com/porteden/cli/cmd/porteden@latest).
Setup (once)
- Browser login (recommended):
porteden auth login— opens browser, credentials stored in system keyring - Direct token:
porteden auth login --token <key>— stored in system keyring - Verify:
porteden auth status - If
PE_API_KEYis set in the environment, the CLI uses it automatically (no login needed). - Drive access requires a token with
driveAccessEnabled: trueand a connected Google account with Drive scopes.
Drive commands (porteden drive)
- List files:
porteden drive files -jc - Search by keyword:
porteden drive files -q "budget report" -jc - Filter by folder:
porteden drive files --folder google:0B7_FOLDER_ID -jc - Filter by MIME type:
porteden drive files --mime-type application/pdf -jc - Filter by name:
porteden drive files --name "Q1" -jc - Shared with me:
porteden drive files --shared-with-me -jc - Modified in range:
porteden drive files --modified-after 2026-01-01 --modified-before 2026-02-01 -jc - All files (auto-paginate):
porteden drive files --all -jc - Get file metadata:
porteden drive file google:FILEID -jc - Get view/download links:
porteden drive download google:FILEID -jc - List permissions:
porteden drive permissions google:FILEID -jc - Upload file:
porteden drive upload --file ./report.pdf --name "Q1 Report.pdf" - Upload to folder:
porteden drive upload --file ./data.csv --name "Data.csv" --folder google:0B7_FOLDER - Create folder:
porteden drive mkdir --name "Project Files" - Create folder in folder:
porteden drive mkdir --name "Reports" --parent google:0B7_FOLDER - Rename:
porteden drive rename google:FILEID --name "New Name.pdf" - Move:
porteden drive move google:FILEID --destination google:0B7_DEST_FOLDER - Share with user:
porteden drive share google:FILEID --type user --role reader --email user@example.com - Share with domain:
porteden drive share google:FILEID --type domain --role reader --domain example.com - Share publicly:
porteden drive share google:FILEID --type anyone --role reader - Delete (trash):
porteden drive delete google:FILEID(prompts) orporteden drive delete google:FILEID -y
Notes
- Credentials persist in the system keyring after login. No repeated auth needed.
- Set
PE_PROFILE=workto avoid repeating--profile. -jcis shorthand for--json --compact: strips noise, limits fields, reduces tokens for AI agents.- File IDs are always provider-prefixed (e.g.,
google:1BxiMVs0XRA5...). Pass them as-is. porteden drive files --allauto-paginates (safety cap: 50 pages). CheckhasMorein JSON output.porteden drive downloadreturns URLs only — no binary content is streamed.accessInfoin responses describes active token restrictions. Always check it to understand what data may be limited.authWarningsin list responses indicate provider connection issues.deletemoves to trash (reversible). Files can be restored from Google Drive trash.- Confirm before sharing or deleting files.
- Environment variables:
PE_API_KEY,PE_PROFILE,PE_FORMAT,PE_COLOR,PE_VERBOSE.
The capability, in one paragraph
Files in Drive are the single richest source of regulated content in most SMBs: client deliverables, signed agreements, scanned IDs, financial models. A misclick by an autonomous agent is the kind of incident that ends careers. The skill makes the safe path the default path.
A few flags, predictable output
google: prefixed file IDs
Every command accepts file IDs in the form google:1BxiMVs0XRA5… so the agent can carry IDs across skills (Docs, Sheets, Drive) without re-fetching. Listing returns this prefix in the id field.
Permission changes are audited and policy-gated
share writes a structured event to the audit log: who shared, with whom, role, link visibility. Token policy controls whether anyone / anyoneWithLink scopes are accepted at all — the upstream Drive call is not made when policy refuses.
Destructive ops trash, don't delete
delete moves the file to Drive's trash by default. Use --permanent to skip trash, but only with --yes; PortEden's default token policy denies --permanent until explicitly enabled.
Five minutes, three commands
Install the PortEden CLI
OpenClaw skills delegate every API call to the porteden binary. Install once with Homebrew or Go.
brew install porteden/tap/porteden # orgo install github.com/porteden/cli/cmd/porteden@latest Authenticate
Browser-based login is recommended — credentials are written to your OS keyring. Token-based login is available for headless environments.
porteden auth login # headless / CIporteden auth login --token <PE_API_KEY> porteden auth status Install the porteden-drive skill
OpenClaw fetches the signed skill bundle and registers its commands with the agent.
openclaw skills install porteden-drive Install Secure OpenClaw Google Drive Skill in five minutes. No credit card required.
Free tier covers personal Gmail, Outlook, Google Calendar, and Drive accounts. Upgrade for organization-wide policy and audit log.
Related Resources
Related Skills
Install Secure OpenClaw Google Drive Skill Without Inheriting the Audit Tail
Browser auth, keyring-bound credentials, server-side audit log. The same data firewall behind every PortEden integration.
Regulated org or 200+ seats? Talk to sales →