gog-safety
Build and deploy safety-profiled gogcli binaries with compile-time command removal. Use when setting up gog for an AI agent with restricted permissions — choosing between L1 (draft only), L2 (collaborate), or L3 (standard write). Covers building from PR
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/brennerspear/gog-safetyWhat This Skill Does
The gog-safety skill provides a secure framework for building and deploying gogcli binaries with compile-time command removal. By stripping out unauthorized functionality at the binary level rather than the runtime level, it ensures that forbidden operations (such as sending unauthorized emails or performing administrative tasks) are physically impossible for the AI agent to execute. This is achieved by utilizing PR #366 from the steipete/gogcli repository, which leverages a YAML-based configuration to whitelist specific subcommands before compilation.
Installation
To install this skill, use the ClawHub CLI command: clawhub install openclaw/skills/skills/brennerspear/gog-safety. Ensure you have Go 1.22+ and git installed on your build machine, as the process involves cloning the source, applying security profiles, and compiling the binary from scratch.
Use Cases
This skill is ideal for security-conscious organizations deploying AI agents that require access to internal messaging and document tools. Choose L1 for agents performing automated email triage and drafting, L2 for agents managing RSVP and collaborative feedback loops, or L3 for agents that require full writing capabilities while explicitly blocking dangerous administrative overrides.
Example Prompts
- "Build a version L1 binary for my local ARM64 machine and prepare it for deployment to the staging server."
- "Deploy the new L2 safety profile to the target host and run a verification check to ensure that the
gmail sendcommand is successfully disabled." - "Revert the current host binary to the previous state using the gog-backup file after the latest L3 update caused a workflow conflict."
Tips & Limitations
Always use the --verify flag during deployment to ensure your security policy is enforced. Note that while compile-time removal is the gold standard for security, certain architectural edge cases remain: for example, filter forwarding and drive sharing are permitted at the L1 level to allow for necessary inbox organization. These are accepted design risks for version 1.0. Always keep track of your security profiles, as custom YAML modifications allow you to tailor the agent's capabilities precisely to your business requirements.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-brennerspear-gog-safety": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-write, external-api, code-execution
Related Skills
commit
Create a git commit with a contextual message based on current changes, then push the branch.
flights
Search flights via Google Flights. Find nonstop/connecting flights, filter by time and cabin class, get booking links. Supports city names (NYC, London, Tokyo) with automatic multi-airport search. No API key required.
dev-serve
Start and manage tmux-backed dev servers exposed through Caddy at wildcard subdomains.
amazon
Buy and return items on Amazon using browser automation. Use for purchasing, reordering, checking order history, and processing returns.
domain-check
Check domain availability via Vercel and buy/manage domains via Vercel CLI