Botmonster Tech
Posts jQuery Bootpag Image2SVG Categories Tags
Botmonster Tech

Contents

Self-Driving Business: Integrating OpenClaw with Google Workspace CLI

Self-Driving Business: Integrating OpenClaw with Google Workspace CLI

By combining OpenClaw (an open-source autonomous AI agent) with Google’s Workspace CLI and the Model Context Protocol, you can build a self-driving business layer that monitors Gmail, manages Google Drive, and updates Calendar - all without manual intervention. The setup requires configuring OAuth credentials in Google Cloud Console, installing the GWS CLI via npm, and exposing the Workspace tools to OpenClaw via an MCP server - giving your AI agent structured, programmatic access to the entire Google productivity stack.

The Shift from Chatbot to Business Infrastructure

Most people still interact with AI one query at a time. You open a chat window, type something, read the answer, close the tab. That’s useful, but it’s nowhere near what autonomous agents can actually do when wired into the tools your business runs on.

The more meaningful shift is from AI as a conversation partner to AI as a background process. An agent running continuously can monitor your inbox, route documents, draft replies, flag priority items, and escalate to a human only when a judgment call is needed. You’re not pulling answers from a model - you’ve staffed a role.

What made earlier AI integrations fail was the plumbing. Screen-scrapers broke whenever the UI changed. Browser automation hacks were brittle and slow. Custom API wrappers required ongoing maintenance. Two things have changed that situation substantially: structured CLI access to the Google productivity suite (the Google Workspace CLI), and a standard protocol for exposing those tools to agents (the Model Context Protocol, or MCP).

The stack this guide covers combines three components:

  • Google Workspace CLI (GWS) - programmatic access to Gmail, Drive, Calendar, Docs, Sheets, and Chat via a local MCP server.
  • Model Context Protocol (MCP) - a standard that lets agents invoke tools with typed inputs and outputs, the same way code calls functions.
  • OpenClaw - a self-hosted agent runtime that runs multi-step tasks on a schedule or in response to events, without human initiation.

For small teams and solo operators, this means being able to cover roles - inbox triage, scheduling, document organization - without headcount. The agent doesn’t lose context, doesn’t miss things on a bad day, and doesn’t require a Slack message to get started.

Meet the Stack: OpenClaw and Google Workspace CLI

Before touching any configuration, it helps to understand what each component actually does.

OpenClaw is a self-hosted AI agent runtime. You deploy it locally or on a VPS, point it at a messaging interface (WhatsApp, Discord, Telegram, or a web UI), and give it a set of tools it can invoke. Unlike chat-based assistants, OpenClaw keeps a task queue and context across sessions. It wakes up on a schedule or on an event, calls tools, evaluates results, and continues until the task is done - or until it needs to surface something to a human.

Google Workspace CLI is an npm package that wraps the full Workspace API behind a consistent interface. Instead of writing OAuth flows and API clients for each Google service separately, GWS handles authentication once and exposes Gmail, Drive, Calendar, Docs, Sheets, and Chat as composable CLI commands. gws gmail list returns structured thread data. gws calendar events create creates an event. The commands are designed to be scriptable, and that scriptable surface is exactly what the MCP server exposes upstream.

The link between them is the MCP server mode that ships with the GWS package. Run npx @google/workspace-mcp and it starts a local server speaking the Model Context Protocol - the same protocol OpenClaw uses to discover and invoke tools. OpenClaw connects, enumerates the available Workspace tools (22+ at last count), and makes them available to any task definition that references them. When the agent needs to know if you have a meeting tomorrow afternoon, it issues an MCP call that resolves to a Calendar API query and returns structured event data.

Some practitioners call the end result “company as code.” Your operational logic - how you handle client emails, how you organize project files, how you schedule follow-ups - gets encoded as versioned, testable workflows instead of living in someone’s inbox habits or calendar muscle memory.

Prerequisite Setup: Google Cloud Console

Most setup guides move through this part quickly, which is why most setups fail before the interesting part. The OAuth configuration in Google Cloud Console needs to be correct before any of the agent tooling will function.

Start with system requirements. You need Node.js v18 or higher (node --version to check) and the Google Cloud SDK installed and initialized with gcloud init. Both need to be on your PATH.

Go to console.cloud.google.com and create a new project. Name it something recognizable like “openclaw-workspace-agent” and note the project ID. Set it as your active project with gcloud config set project YOUR_PROJECT_ID.

In “APIs & Services” > “Library,” enable the following APIs one by one:

  • Gmail API
  • Google Drive API
  • Google Calendar API
  • Google Docs API
  • Google Sheets API
  • Google Chat API
  • Workspace Discovery Service (required for the MCP server to enumerate available tools)

Enabling them individually keeps permissions explicit. You can see exactly which services your agent has access to, and disabling one is a single click.

Next, configure the OAuth Consent Screen under “APIs & Services” > “OAuth consent screen.” Choose “Internal” for personal or organizational use within a Google Workspace account, or “External” if you’re deploying for users outside your org. Internal doesn’t require Google app verification, which makes the setup considerably simpler. Fill in the required fields, add the OAuth scopes for the APIs you just enabled, and save.

Create credentials under “APIs & Services” > “Credentials” - click “Create Credentials” > “OAuth 2.0 Client ID”, select “Desktop App”, name it, and download the resulting credentials.json file. Place it in a directory your GWS installation can read, typically ~/.config/gws/credentials.json.

Install the GWS CLI and authenticate:

npx @google/workspace-mcp auth login

This opens a browser OAuth flow. Sign in as the Google account you want the agent to operate as, grant the scopes, and the CLI stores a refresh token locally. Subsequent calls to npx @google/workspace-mcp authenticate automatically against stored credentials.

Connecting OpenClaw to Workspace via MCP

With authentication done, start the GWS MCP server:

npx @google/workspace-mcp serve --port 3100

This exposes all configured Workspace tools on port 3100 over the Model Context Protocol. Now point OpenClaw at it. In OpenClaw’s configuration directory, open or create mcp-config.json:

{
  "mcpServers": {
    "google-workspace": {
      "url": "http://localhost:3100",
      "transport": "http"
    }
  }
}

Restart OpenClaw. It will connect to the MCP server on startup, list the available tools in the startup log, and make them available to any task that references Workspace operations.

OpenClaw supports pre-built skill bundles via npx skills. Running npx skills install workspace-secretary installs a persona with task definitions already configured for inbox triage, meeting management, and document organization. These are YAML files you can inspect and modify to match your own workflows.

Before enabling any write access, test with read-only queries:

  • “List my last 10 Gmail threads” - confirms Gmail API access and MCP routing.
  • “Show files in my Drive root” - confirms Drive API access.
  • “What’s on my calendar tomorrow?” - confirms Calendar API access.

If any of these fail, the culprit is almost always either OAuth scope misconfiguration or the MCP server process not being reachable. Check gws auth status first, then verify the server is running on the expected port.

On permissions: scope your OAuth grants to what the agent actually needs. An inbox triage agent needs Gmail read and draft access, not Gmail full access plus Drive plus Calendar plus Sheets. An agent with broad permissions creates unnecessary exposure when credentials are stored on a server - and if the agent logic has a bug, a narrower scope limits the blast radius.

Use Cases That Actually Save Time

The scheduling workflow is the most immediately practical. Configure OpenClaw with a task that runs every 30 minutes during business hours: scan new Gmail threads for scheduling language (“can we meet,” “are you free,” “quick call”), check your Calendar for availability, and create a draft reply with two or three open time slots. The draft lands in your Drafts folder. You review, click Send, and move on. The agent handled the back-and-forth setup; you handled the decision.

Drive organization scales this pattern to files. A workflow watches an “Unsorted” folder, classifies incoming files by name and content, moves them to the right project subfolder, and logs the action in a Sheets tracker. A separate reporting workflow pulls email summaries from a project label, compiles them into a Docs report, and shares it with the team on a weekly schedule.

The watch command is where the setup goes from scheduled automation to event-driven behavior. gws watch can monitor a Gmail label, a Drive folder, or a Calendar resource for changes. When something changes, the GWS server pushes a notification to OpenClaw’s task queue. A new email from a key client triggers a priority flag and a notification. A calendar conflict triggers a rescheduling draft. A new file in a shared project folder triggers a summary. The agent is no longer polling - it’s reacting.

Google Chat integration closes the audit loop. When the agent takes a write action - moving a file, updating a Sheet, drafting a reply - it posts a message to a Chat space summarizing what it did and the reasoning. Team members can see what happened and why, and when the agent’s logic produces a bad result, that log is where you trace it back to fix the task definition.

Safety, Token Management, and Production Deployment

An agent with access to your email and documents is only worth running if you’ve thought through what happens when it does something wrong.

Token consumption is the first practical constraint. Every MCP tool call uses context tokens in the underlying language model. A task that reads full Gmail thread bodies to decide which ones matter will burn through context and produce slow, expensive responses. Request thread metadata for triage, file names rather than file contents for organization checks, and event titles rather than full calendar data for scheduling. The MCP server supports pagination and field filtering - they exist for exactly this reason.

Google’s official stance on automated inbox access is cautious. Fully autonomous email sending without human review sits in a grey area under their API terms of service. The practical answer is human-in-the-loop for writes: the agent drafts, you approve, the agent sends. Autonomous writes should be limited to genuinely low-stakes operations like file organization or calendar events for meetings you’ve already verbally agreed to.

For 24/7 operation without keeping a local machine running, deploy OpenClaw on a VPS. A Hetzner CX22 or a DigitalOcean Droplet with 2 vCPUs and 4GB of RAM handles OpenClaw and the GWS MCP server comfortably. Use PM2 or systemd to keep both processes running and auto-restart on failure.

Credential storage deserves more attention than most self-hosted guides give it. Your OAuth refresh token is a long-lived credential with the access you granted it. Don’t store it as a plain file on the server. Use environment variables, or a proper secrets manager like HashiCorp Vault, or at minimum an encrypted file with restricted permissions. Set up token rotation in your Google Cloud Project. And before you deploy anything that can write, build a runbook: how you’ll revoke the OAuth token, where to check for unexpected API activity in Google Admin, and how to audit the agent’s write log to reverse anything that needs reversing.

The setup requires more work upfront than installing a Chrome extension, but what you get on the other side is a business layer that runs without prompting, handles the repetitive coordination work that doesn’t need human judgment, and hands off the rest with enough context that the handoff is actually useful.

 Ai-AgentsAutomationGmailProductivity
 | Home