Calendar Setup Skill
Minimum Model
Any model that can follow numbered steps.
Key Concept
Two accounts are involved:
- - Agent email — the PA's own Google account (e.g.
agent@agentdomain.com) - Owner email — the human's Google account (e.g.
owner@company.com)
The agent needs access to the owner's calendar. These are separate Google accounts. The OpenClaw dashboard "calendar connected" status reflects the agent's own calendar — not the owner's. Verify write access explicitly.
Step 1 — Owner Shares Calendar
The owner does this in Google Calendar (not the agent):
- 1. Open calendar.google.com as the owner
- Find the primary calendar in the left sidebar (usually their name)
- Click the three-dot menu → Settings and sharing
- Under Share with specific people → click + Add people
- Enter the agent email
- Set permission to "Make changes to events" — not "See all event details" (that is read-only)
- Click Send
✅ Done. The agent receives an email confirmation — no action needed from the agent side yet.
If owner can't find the calendar: Scroll down in the sidebar to "Other calendars".
If sharing is blocked: The owner's organization may restrict external sharing. They need to ask their IT admin to allow it.
Step 2 — Agent Authenticates
The agent runs:
CODEBLOCK0
Expected output of gog auth list:
�CODEBLOCK1
If re-authenticating after a permission change or expired token:
�CODEBLOCK2
If gog is not found: Check PATH or reinstall via your OpenClaw distribution.
If OAuth fails with "access blocked": Owner must allow access in Google Account → Security → Third-party apps.
Step 3 — Test Write Access
CODEBLOCK3
Check the owner's Google Calendar. The test event should appear within 30 seconds.
Delete it after verifying:
# Use EVENT_ID from the output of the create command above
GOG_ACCOUNT=owner@company.com gog calendar delete primary EVENT_ID
Common Issues and Fixes
Dashboard shows "connected" but agent can't write
Cause: Dashboard reflects the agent's own calendar, not the owner's.
Fix:
- 1. Confirm owner shared their calendar with the agent email (Step 1)
- Confirm agent ran
gog auth add for the owner's account (Step 2) - Always use
GOG_ACCOUNT=owner@company.com in all commands
"Insufficient permissions" error
Cause: Calendar was shared with read-only permission.
Fix: Owner goes back to Step 1 and changes the permission to "Make changes to events".
"Token expired" or authentication failure
CODEBLOCK5�
Multiple calendars (work + personal)
CODEBLOCK6�
macOS date command
CODEBLOCK7�
Useful Commands
CODEBLOCK8�
Heleni-specific: Direct API Workaround (when gog CLI auth fails)
INLINECODE6� requires a browser — doesn't work on a server. Use the pre-existing credentials in /opt/ocana/openclaw/.gog/credentials.json instead.
CODEBLOCK9
Note: ~/.config/gws/credentials.json (gog default path) has a stale/broken token. Always use /opt/ocana/openclaw/.gog/credentials.json.
Verification Checklist
- - [ ] Owner shared calendar with agent email
- [ ] Permission is "Make changes to events" (not read-only)
- [ ] Agent ran
gog auth add for owner's account - [ ]
gog auth list shows owner's account with calendar service - [ ] Test event created successfully in owner's calendar
- [ ] Test event deleted after verification
- [ ] All calendar commands use �INLINECODE12
Cost Tips
- - Cheap: This is a one-time setup — very low ongoing cost
- Small model OK: All steps are procedural — any model can follow them
- Avoid: Don't re-authenticate repeatedly — tokens last a long time if not revoked
- Batch: Add all needed services in one
gog auth add call (gmail,calendar,drive,contacts) instead of separate calls
Email & Workspace Orientation (Merged from openclaw-email-orientation skill)
The Core Concept: Two Separate Accounts
| Account |
|---|
| Owner | The human's Google account (e.g. owner@company.com) |
| Agent |
The PA's own Google account (e.g.
agent@agentdomain.com) |
These are separate. Having an agent email does NOT automatically give access to the owner's email or calendar. Owner must explicitly share, and agent must explicitly authenticate.
Key Files
| File | Purpose |
|---|
| INLINECODE16 | gog OAuth client credentials |
| INLINECODE17 |
OpenClaw auth profiles |
|
skills/gog/SKILL.md | gog usage reference |
Security: Never print the contents of these files in chat. Path is fine; content is not.
Using gog
CODEBLOCK10
Troubleshooting Email/Calendar Access
Work through in order:
- 1. Two accounts? — Is the question about agent email or owner email?
- gog installed? —
which gog — if missing, check PATH - Account added? —
gog auth list — does owner's account appear? - Write scope? — OAuth must include calendar write scope, not read-only
- GOG_ACCOUNT set? — All commands must include �INLINECODE21
- Permission level? — Must be "Make changes to events", not "See all event details"
"Insufficient permissions" error → Owner re-shares calendar with write permission (Step 1 above).
"Token expired" error:
�CODEBLOCK11
日历设置技能
最低模型要求
任何能够遵循编号步骤的模型。
核心概念
涉及两个账户:
- - 代理邮箱 — PA自己的Google账户(例如 agent@agentdomain.com)
- 所有者邮箱 — 人类的Google账户(例如 owner@company.com)
代理需要访问所有者的日历。这是两个独立的Google账户。OpenClaw仪表盘上的日历已连接状态反映的是代理自己的日历——而非所有者的。请明确验证写入权限。
步骤1 — 所有者共享日历
所有者在Google日历中执行此操作(而非代理):
- 1. 以所有者身份打开 calendar.google.com
- 在左侧边栏中找到主日历(通常是他们的名字)
- 点击三点菜单 → 设置和共享
- 在与特定人员共享下 → 点击 + 添加人员
- 输入代理邮箱
- 将权限设置为对事件进行更改 — 而非查看所有活动详情(此为只读权限)
- 点击发送
✅ 完成。代理会收到一封邮件确认通知——代理端暂时无需任何操作。
如果所有者找不到日历: 在侧边栏中向下滚动到其他日历。
如果共享被阻止: 所有者的组织可能限制了外部共享。他们需要请求IT管理员允许共享。
步骤2 — 代理进行身份验证
代理运行:
bash
将所有者账户添加到gog
gog auth add owner@company.com --services gmail,calendar,drive,contacts
验证已添加
gog auth list
gog auth list 的预期输出:
owner@company.com [gmail, calendar, drive, contacts]
如果在权限更改或令牌过期后需要重新验证:
bash
gog auth remove owner@company.com
gog auth add owner@company.com --services gmail,calendar,drive,contacts
如果找不到 gog: 检查PATH或通过您的OpenClaw发行版重新安装。
如果OAuth失败并显示访问被阻止: 所有者必须在Google账户 → 安全 → 第三方应用中允许访问。
步骤3 — 测试写入权限
bash
生成时间戳(适用于Linux和macOS)
START=$(date -u -d +1 hour +%Y-%m-%dT%H:%M:%SZ 2>/dev/null \
|| date -u -v+1H +%Y-%m-%dT%H:%M:%SZ)
END=$(date -u -d +2 hours +%Y-%m-%dT%H:%M:%SZ 2>/dev/null \
|| date -u -v+2H +%Y-%m-%dT%H:%M:%SZ)
在所有者日历中创建测试事件
GOG_ACCOUNT=owner@company.com gog calendar create primary \
--summary PA设置测试 — 请删除我 \
--start $START \
--end $END
检查所有者的Google日历。测试事件应在30秒内出现。
验证后删除:
bash
使用上述创建命令输出中的EVENT_ID
GOG
ACCOUNT=owner@company.com gog calendar delete primary EVENTID
常见问题及修复
仪表盘显示已连接但代理无法写入
原因: 仪表盘反映的是代理自己的日历,而非所有者的。
修复:
- 1. 确认所有者已与代理邮箱共享了日历(步骤1)
- 确认代理已为所有者账户运行了 gog auth add(步骤2)
- 在所有命令中始终使用 GOG_ACCOUNT=owner@company.com
权限不足错误
原因: 日历以只读权限共享。
修复: 所有者返回步骤1并将权限更改为对事件进行更改。
令牌已过期或身份验证失败
bash
gog auth remove owner@company.com
gog auth add owner@company.com --services gmail,calendar,drive,contacts
多个日历(工作 + 个人)
bash
添加两个账户
gog auth add work@company.com --services calendar
gog auth add personal@gmail.com --services calendar
查看每个账户有哪些日历
GOG_ACCOUNT=work@company.com gog calendar list
GOG_ACCOUNT=personal@gmail.com gog calendar list
使用特定的日历ID(来自列表输出)而不是primary
GOG
ACCOUNT=work@company.com gog calendar create CALENDARID \
--summary 会议 \
--start 2026-04-02T10:00:00+00:00 \
--end 2026-04-02T11:00:00+00:00
macOS date命令
bash
Linux:使用 -d
date -u -d +1 hour +%Y-%m-%dT%H:%M:%SZ
macOS:使用 -v
date -u -v+1H +%Y-%m-%dT%H:%M:%SZ
实用命令
bash
列出所有已验证的账户
gog auth list
列出所有者的日历
GOG_ACCOUNT=owner@company.com gog calendar list
列出事件(未来7天)
GOG_ACCOUNT=owner@company.com gog calendar events primary \
--from $(date -u +%Y-%m-%dT%H:%M:%SZ) \
--to $(date -u -d +7 days +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date -u -v+7d +%Y-%m-%dT%H:%M:%SZ)
创建带参会者的事件
GOG_ACCOUNT=owner@company.com gog calendar create primary \
--summary 会议标题 \
--start 2026-04-02T10:00:00+00:00 \
--end 2026-04-02T11:00:00+00:00 \
--attendees attendee@company.com
删除事件
GOG
ACCOUNT=owner@company.com gog calendar delete primary EVENTID
移除已验证的账户
gog auth remove owner@company.com
Heleni专用:直接API变通方案(当gog CLI身份验证失败时)
gog auth login 需要浏览器——在服务器上无法使用。请改用 /opt/ocana/openclaw/.gog/credentials.json 中预先存在的凭据。
bash
1. 从文件中读取clientid、clientsecret、refresh_token(所有者账户)
账户:agent (genesis@ocana.ai),owner (netanelab@monday.com)
2. 刷新访问令牌
curl -s -X POST https://oauth2.googleapis.com/token \
-d client
id=id> \
-d clientsecret=secret> \
-d refreshtoken=token> \
-d granttype=refreshtoken
→ 从响应中获取access_token
3. 直接调用日历API
curl -s https://www.googleapis.com/calendar/v3/calendars/netanelab%40monday.com/events?timeMin=&timeMax=&singleEvents=true&orderBy=startTime&maxResults=10 \
-H Authorization: Bearer $ACCESS_TOKEN
4. 列出所有日历
curl -s https://www.googleapis.com/calendar/v3/users/me/calendarList \
-H Authorization: Bearer $ACCESS_TOKEN
注意: ~/.config/gws/credentials.json(gog默认路径)包含过时/损坏的令牌。请始终使用 /opt/ocana/openclaw/.gog/credentials.json。
验证清单
- - [ ] 所有者已与代理邮箱共享日历
- [ ] 权限设置为对事件进行更改(非只读)
- [ ] 代理已为所有者账户运行 gog auth add
- [ ] gog auth list 显示所有者账户包含日历服务
- [ ] 测试事件已在所有者日历中成功创建
- [ ] 测试事件在验证后已删除
- [ ] 所有日历命令均使用 GOG_ACCOUNT=owner@company.com
成本提示
- - 低成本: 这是一次性设置——后续成本非常低
- 小型模型也可用: 所有步骤都是程序化的——任何模型都可以遵循
- 避免: 不要反复重新验证——只要不被撤销,令牌可以持续很长时间
- 批量操作: 在单个 gog auth add 调用中添加所有需要的服务(gmail、calendar、drive、contacts),而不是
