Claude-Skills google-workspace-cli

install
source · Clone the upstream repo
git clone https://github.com/borghei/Claude-Skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/borghei/Claude-Skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/engineering/google-workspace-cli" ~/.claude/skills/borghei-claude-skills-google-workspace-cli && rm -rf "$T"
manifest: engineering/google-workspace-cli/SKILL.md

Google Workspace CLI

Category: Engineering
Domain: Google Workspace Administration

Overview

The Google Workspace CLI skill provides tools for auditing Google Workspace configurations, generating authentication setup documentation, and diagnosing common GWS issues. It helps IT administrators maintain secure, well-configured Workspace environments without needing to navigate complex admin consoles.

Quick Start

# Audit Workspace security configuration
python scripts/workspace_audit.py --config gws-config.json

# Generate auth setup guide
python scripts/auth_setup_guide.py --method oauth --scopes admin,drive

# Run diagnostics
python scripts/gws_doctor.py --check all

# JSON output for automation
python scripts/workspace_audit.py --config gws-config.json --format json

Tools Overview

workspace_audit.py

Audits Google Workspace configuration exports for security best practices.

| Feature | Description |
|---|---|
| 2FA enforcement | Checks if 2-step verification is required |
| Password policy | Validates password strength requirements |
| Sharing settings | Reviews external sharing configurations |
| App access | Checks third-party app access policies |
| Admin roles | Reviews admin role assignments |
| Mobile management | Checks device management policies |
| Drive settings | Validates Drive sharing and access controls |

auth_setup_guide.py

Generates step-by-step authentication setup documentation for GWS API access.

| Feature | Description |
|---|---|
| OAuth setup | Generates OAuth 2.0 configuration guide |
| Service account | Creates service account setup documentation |
| API scopes | Lists required scopes for each API |
| Domain delegation | Documents domain-wide delegation setup |
| Testing guide | Provides verification steps |

gws_doctor.py

Diagnostic tool for common Google Workspace configuration issues.

| Feature | Description |
|---|---|
| DNS checks | Validates MX, SPF, DKIM, DMARC records format |
| SSL/TLS | Checks certificate and transport security settings |
| Integration health | Validates common integration patterns |
| Config consistency | Checks for conflicting settings |
| Best practices | Compares against GWS recommended settings |

Workflows

Security Audit Workflow

  1. Export config - Export GWS settings to JSON via Admin SDK or manual export
  2. Audit - Run workspace_audit.py against the config file
  3. Review findings - Prioritize critical security gaps
  4. Remediate - Apply recommended settings in Admin Console
  5. Re-audit - Verify changes resolved findings

API Setup Workflow

  1. Plan - Determine which APIs and scopes are needed
  2. Generate guide - Run auth_setup_guide.py with desired method
  3. Follow steps - Create credentials in Google Cloud Console
  4. Configure - Set up domain delegation if needed
  5. Verify - Test API access with provided verification steps

Health Check Workflow

  1. Run diagnostics - Execute gws_doctor.py with all checks
  2. Review results - Check DNS, email, and integration health
  3. Fix issues - Address failures in priority order
  4. Re-check - Verify fixes pass diagnostics

Regular Maintenance

# Monthly security audit
python scripts/workspace_audit.py --config gws-export.json --format json > audit_$(date +%Y%m).json

# Weekly health check
python scripts/gws_doctor.py --check dns,email --format json

Reference Documentation

Common Patterns Quick Reference

Security Priorities

| Setting | Priority | Impact |
|---|---|---|
| 2FA enforcement | Critical | Prevents account takeover |
| Password policy | Critical | Reduces credential attacks |
| External sharing | High | Prevents data leakage |
| App access control | High | Limits third-party risk |
| Mobile management | Medium | Secures device access |
| Admin role review | Medium | Limits privilege exposure |

DNS Records for Email

| Record | Purpose | Example |
|---|---|---|
| MX | Email routing | ASPMX.L.GOOGLE.COM |
| SPF | Sender verification | v=spf1 include:_spf.google.com ~all |
| DKIM | Email signing | Domain-specific CNAME |
| DMARC | Policy enforcement | v=DMARC1; p=reject; rua=mailto:... |
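
A format check for the SPF and DMARC values in the table above, as an added example (not the project's gws_doctor.py code). The function names, finding strings and sample records are assumptions constructed for illustration.

```python
def check_spf(record):
    """Findings for one SPF TXT string; an empty list means none."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record must start with v=spf1"]
    mechanisms = [t.lower() for t in terms[1:]]
    findings = []
    # Assumption: the domain sends through Google, as in the table's SPF example.
    if "include:_spf.google.com" not in mechanisms:
        findings.append("SPF: missing include:_spf.google.com")
    # Evaluation stops at the first 'all', so its qualifier sets the default.
    all_terms = [m for m in mechanisms if m.lstrip("+-~?") == "all"]
    if not all_terms:
        findings.append("SPF: no 'all' mechanism")
    elif all_terms[0] in ("all", "+all", "?all"):
        findings.append(f"SPF: '{all_terms[0]}' does not restrict unlisted senders")
    return findings

def parse_tags(record):
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_dmarc(record):
    """Findings for one DMARC TXT string; an empty list means none."""
    first_tag = "".join(record.split(";")[0].split())
    if first_tag != "v=DMARC1":
        return ["DMARC: record must start with v=DMARC1"]
    tags = parse_tags(record)
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: p= must be none, quarantine or reject")
    elif policy == "none":
        findings.append("DMARC: p=none requests no action on failing mail")
    uris = [u.strip().lower() for u in tags.get("rua", "").split(",") if u.strip()]
    if not uris or not all(u.startswith("mailto:") for u in uris):
        findings.append("DMARC: no rua=mailto: address for aggregate reports")
    return findings

# Constructed sample records; example.com is a placeholder domain.
SAMPLES = {
    "good": ("v=spf1 include:_spf.google.com ~all",
             "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"),
    "weak": ("v=spf1 include:_spf.google.com +all", "v=DMARC1; p=none"),
}

def audit(samples):
    return {n: check_spf(s) + check_dmarc(d) for n, (s, d) in samples.items()}

if __name__ == "__main__":
    print(audit(SAMPLES))
```

The checks work on record strings only; fetching the TXT records from DNS is left to whatever resolver tooling is already in use.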

API Scopes

| API | Scope | Purpose |
|---|---|---|
| Admin SDK | admin.directory.user | User management |
| Drive | drive.readonly | File listing |
| Gmail | gmail.settings.basic | Email settings |
| Calendar | calendar.readonly | Calendar access |

Common Issues

| Issue | Symptom | Fix |
|---|---|---|
| No 2FA | Account takeover risk | Enable 2FA enforcement |
| Weak passwords | Credential stuffing | Set 12+ char minimum |
| Open sharing | Data leakage | Restrict external sharing |
| No DMARC | Email spoofing | Add DMARC DNS record |
| Stale admins | Excessive privileges | Review admin roles quarterly |