Google's New CLI Just Fully Unlocked Claude Code

Study Guide

Overview

This video walks through the setup and use of the Google Workspace CLI (GWS), an open-source tool built by Google developers that gives Claude Code full access to Google services — Gmail, Drive, Calendar, Docs, and Sheets. The tutorial covers installation, OAuth configuration, security best practices (including sandboxing and Model Armor), skill installation, and a live demonstration of multi-service automation.

Key Concepts

What Is the Google Workspace CLI?

  • An open-source CLI tool on GitHub, created by Google developers (announced by Addy Osmani, a Google director) but not an official Google product
  • Allows Claude Code to interact with the entire Google Workspace suite via plain-language commands
  • Requires Node.js and manual OAuth setup through Google Cloud Console

Security-First Approach

  • Sandboxing: Create a separate Google account for Claude Code instead of using your primary email — reduces blast radius if something goes wrong
  • Selective sharing: Share specific calendar access, Drive folders, and email forwarding rules between your main account and the sandbox account
  • Model Armor: A Google Cloud API that scans incoming content for prompt injection attacks before Claude Code processes it — free for up to 2 million tokens per month

Model Armor Modes

  • Warn mode: Flags potential prompt injections but does not block them — useful for initial calibration
  • Block mode: Prevents flagged content from reaching Claude Code entirely — recommended once you trust the calibration

Skills System

  • The CLI includes approximately 100 skills covering every Google Workspace operation
  • You only need about 12-15 core skills for typical use: Gmail operations, Docs, Sheets, Calendar, Drive, Model Armor, and the Executive Assistant persona
  • Personas (like Executive Assistant) are meta-skills that teach Claude Code how to combine other skills for tasks like meeting prep, weekly digests, and standup reports
  • Skills are installed locally at the project level, not globally

Setup Walkthrough Summary

  1. Install the CLI: Run the npm install command (requires Node.js), verify with gws version
  2. Create a Google Cloud project: Choose which Google account to use, create a new project, note the Project ID
  3. Configure OAuth: Set up OAuth consent screen (external), publish the app to avoid 7-day credential expiry, create OAuth client ID (desktop app), download the JSON credentials file, rename to client_secret and place in ~/.config/gws/
  4. Enable APIs: Enable Google Drive, Gmail, Calendar, Docs, Sheets, and Model Armor APIs in Google Cloud Console
  5. Enable billing: Required for Model Armor (free tier of 2M tokens/month)
  6. Authenticate: Run gws o login, follow the browser flow, confirm scopes
  7. Set up sandbox sharing (optional): Share calendar, create shared Drive folder, configure email forwarding/filters
  8. Install skills: Use a Claude Code prompt to install the recommended 12-15 skills locally
  9. Configure Model Armor: Provide your Project ID, create the template, set environment variables, choose warn or block mode

Key Takeaways

  • The Google Workspace CLI is a powerful productivity multiplier — one plain-language prompt can create docs, send emails, schedule meetings, and organize Drive files simultaneously
  • Setup is involved but one-time — the video creator provides a written guide with every command and prompt needed
  • Security should not be an afterthought: sandboxing and Model Armor together create meaningful protection against prompt injection and accidental data exposure
  • Starting in "warn" mode for Model Armor lets you calibrate before committing to blocking
  • Only install the skills you actually need rather than all 100 — keeps things clean and relevant

Discussion Questions

  1. What are the trade-offs between using your primary Google account versus a sandbox account with the Google Workspace CLI?
  2. How does Model Armor's approach to prompt injection detection compare to other security measures you might implement when giving AI access to personal data?
  3. In what scenarios would "warn" mode be preferable to "block" mode for Model Armor, even in a production setup?
  4. What additional security precautions might you consider beyond sandboxing and Model Armor when giving an AI assistant access to your email?
  5. How does the Executive Assistant persona concept change the way you think about structuring AI tool interactions versus individual API calls?
YouTube