Work Automation Skill

Connect your AI agent to Gmail, Google Calendar, Google Drive, Telegram, Slack, and Obsidian — giving it full situational awareness across the tools where work happens.

All access is read-only. Credentials stay on your server. Nothing is exfiltrated.

---

Overview

This skill connects six work surfaces to your OpenClaw agent:

| Integration | What It Provides | Example Uses | |---|---|---| | Gmail (read-only) | Email threads, client/partner comms | Track outreach cadence, surface urgent replies | | Google Calendar (read-only) | Meeting schedule | Auto-prep meeting briefings, know what's coming | | Google Drive (read-only) | Meet transcripts (Gemini), shared docs | Extract action items from calls, search past meetings | | Telegram (user session) | Group chats, DMs, folders | Monitor partner groups, catch unanswered questions | | Slack (read-only) | Team channels, threads | Monitor key channels, surface mentions | | Obsidian (Git sync) | Personal notes, meeting notes | Persistent context from your own thinking |

The Compound Effect

Any single integration is useful. All of them together is transformative — the AI connects dots across email, chat, docs, meetings, and notes, surfacing things you'd otherwise miss.

---

Prerequisites

• Python 3.12+
• A Google Cloud project (free tier)
• A Telegram account + API credentials
• Access to your Slack workspace
• An Obsidian vault (optional but recommended)

Install Dependencies

pip install google-auth-oauthlib google-auth-httplib2 google-api-python-client telethon slack-sdk python-dotenv

Or create a venv:

python3 -m venv venv
./venv/bin/pip install google-auth-oauthlib google-auth-httplib2 google-api-python-client telethon slack-sdk python-dotenv

---

1. Google Workspace (Gmail, Calendar, Drive)

1.1 Create Google Cloud Project

1. Go to https://console.cloud.google.com
2. Create a new project (e.g., "WorkAI")
3. Go to APIs & Services → Library
4. Enable these three APIs:
   • Gmail API
   • Google Calendar API
   • Google Drive API

Which Google account? Use whichever account has your work email and Meet transcripts. If it's a Google Workspace account, you can still OAuth from a personal Cloud project — the token authorizes the account you sign in with, not the project owner.

1.2 Create OAuth2 Credentials

1. Go to Google Auth Platform → Clients → Create Client
2. Application type: Desktop app
3. Name it anything (e.g., "WorkAI")
4. Download the JSON credentials file → save as credentials.json

1.3 Run the Auth Script

cd /path/to/openclaw-work-automation
python3 scripts/google-auth.py

This will:

1. Generate an OAuth URL → open it in your browser
2. Sign in with your Google account → authorize the scopes
3. You'll be redirected to http://localhost/?code=... — the page won't load, that's expected
4. Copy the full URL from your browser's address bar
5. Paste it back into the script
6. Token saved to token.json ✓

For OpenClaw agents (non-interactive):

# Step 1: Generate URL
python3 scripts/google-auth.py --url-only

# Step 2: User opens URL, authorizes, copies redirect URL

# Step 3: Exchange code
python3 scripts/google-auth.py --exchange "http://localhost/?state=...&code=..."

# Step 4: Verify
python3 scripts/google-auth.py --verify

1.4 Using Google APIs

Read recent emails:

from google.oauth2.credentials import Credentials
from googleapiclient.discovery import build

creds = Credentials.from_authorized_user_file('token.json')
gmail = build('gmail', 'v1', credentials=creds)

# List recent messages
results = gmail.users().messages().list(userId='me', maxResults=10, q='is:unread').execute()
for msg_meta in results.get('messages', []):
    msg = gmail.users().messages().get(userId='me', id=msg_meta['id'], format='metadata',
                                        metadataHeaders=['From', 'Subject', 'Date']).execute()
    headers = {h['name']: h['value'] for h in msg['payload']['headers']}
    print(f"From: {headers.get('From')} | Subject: {headers.get('Subject')}")

Check calendar:

from datetime import datetime, timezone
cal = build('calendar', 'v3', credentials=creds)
now = datetime.now(timezone.utc).isoformat()
events = cal.events().list(calendarId='primary', timeMin=now, maxResults=10,
                            singleEvents=True, orderBy='startTime').execute()
for ev in events.get('items', []):
    start = ev['start'].get('dateTime', ev['start'].get('date'))
    print(f"{start}: {ev.get('summary', '(no title)')}")

Read Meet transcripts from Drive:

drive = build('drive', 'v3', credentials=creds)

# Find recent Meet transcripts (they're Google Docs in Drive)
files = drive.files().list(
    q="mimeType='application/vnd.google-apps.document' and name contains 'Meeting transcript'",
    orderBy='modifiedTime desc', pageSize=5,
    fields='files(id,name,modifiedTime)'
).execute()

# Read a transcript
for f in files.get('files', []):
    content = drive.files().export(fileId=f['id'], mimeType='text/plain').execute()
    print(f"\n--- {f['name']} ---")
    print(content.decode('utf-8')[:500])

---

2. Telegram User Account

2.1 Get API Credentials

1. Go to https://my.telegram.org
2. Log in with your phone number
3. API development tools → create a new app
4. Note your api_id and api_hash

2.2 Set Environment Variables

export TELEGRAM_API_ID=12345678
export TELEGRAM_API_HASH=your_api_hash
export TELEGRAM_PHONE=+1234567890

Or create a .env file (see templates/.env.example).

2.3 Authenticate

Interactive:

python3 scripts/telegram-auth.py

Background (recommended for OpenClaw — survives session timeouts):

# Start auth in background
nohup python3 scripts/telegram-auth.py --background &

# Wait for it to be ready
cat status.txt  # Should say "waiting"

# Write the code (DO NOT share via Telegram — see Gotcha #3!)
echo "71539" > auth_code.txt

# Check result
cat status.txt  # Should say "OK: Name (@username)"

The .session file persists authentication indefinitely — you only need to do this once.

2.4 Using Telegram

Read messages from a chat:

from telethon import TelegramClient
import os

client = TelegramClient('my_session', int(os.environ['TELEGRAM_API_ID']), os.environ['TELEGRAM_API_HASH'])
await client.connect()

# Get recent messages from a chat (use ID from telegram-auth.py output)
messages = await client.get_messages(CHAT_ID, limit=20)
for m in messages:
    sender = getattr(m.sender, 'first_name', '?') if m.sender else '?'
    print(f"[{m.date}] {sender}: {m.text}")

List chat folders:

from telethon.tl.functions.messages import GetDialogFiltersRequest

result = await client(GetDialogFiltersRequest())
for f in result.filters:
    title = getattr(f, 'title', None)
    if title:
        t = getattr(title, 'text', title)
        peers = getattr(f, 'include_peers', [])
        print(f"📂 {t} ({len(peers)} chats)")

Search across chats:

# Search for a keyword in a specific chat
messages = await client.get_messages(CHAT_ID, search='keyword', limit=10)

---

3. Slack Workspace

3.1 Create a Slack App

1. Go to https://api.slack.com/apps → Create New App → From scratch
2. Name it (e.g., "WorkAI"), select your workspace
3. Go to OAuth & Permissions
4. Under User Token Scopes, add:
   • channels:history — read public channel messages
   • channels:read — list channels
   • groups:history — read private channel messages
   • groups:read — list private channels
   • im:history — read DMs
   • im:read — list DMs
   • users:read — resolve user names
5. Install to Workspace → Authorize
6. Copy the User OAuth Token (starts with xoxp-)

3.2 Verify

export SLACK_USER_TOKEN=xoxp-your-token
python3 scripts/slack-verify.py

This lists all accessible channels with their IDs. Copy the ones you want to monitor into monitor-config.json.

3.3 Using Slack

Read channel history:

from slack_sdk import WebClient

client = WebClient(token=os.environ['SLACK_USER_TOKEN'])

result = client.conversations_history(channel='CHANNEL_ID', limit=20)
for msg in result['messages']:
    print(f"[{msg.get('user', '?')}]: {msg.get('text', '')[:100]}")

Read thread replies:

result = client.conversations_replies(channel='CHANNEL_ID', ts='THREAD_TS', limit=20)
for msg in result['messages']:
    print(f"  {msg.get('text', '')[:100]}")

Resolve user names:

user_info = client.users_info(user='USER_ID')
print(user_info['user']['real_name'])

---

4. Obsidian Vault (via Git Sync)

4.1 Set Up Git Sync

1. Create a private GitHub repo (e.g., your-username/obsidian-vault)
2. Clone it somewhere temporary:

   git clone https://github.com/youruser/obsidian-vault.git ~/obsidian-vault-temp
   

3. Copy .git into your existing vault:

   cp -r ~/obsidian-vault-temp/.git ~/path/to/your/vault/
   cd ~/path/to/your/vault
   git add -A && git commit -m "initial" && git push -u origin main
   

4.2 Auto-Sync with Obsidian Git Plugin

1. In Obsidian → Settings → Community Plugins → Browse
2. Search "Obsidian Git" → Install → Enable
3. Set Auto backup interval to 5 minutes

4.3 Pull on Server

git clone https://USERNAME:TOKEN@github.com/youruser/obsidian-vault.git ~/obsidian-vault

Pull before using:

cd ~/obsidian-vault && git pull

4.4 Reading Notes

# Search across all notes
grep -r "keyword" ~/obsidian-vault/ --include="*.md"

# Recent notes
find ~/obsidian-vault/ -name "*.md" -mtime -7 -type f

---

5. Automated Monitoring

The monitor script scans Telegram and Slack for items needing your attention.

5.1 Configure

Copy and edit the config:

cp templates/monitor-config.json monitor-config.json

Fill in:

• your_name and your_aliases — for @mention detection
• telegram.chats — chat names and IDs (from telegram-auth.py output)
• slack.channels — channel names and IDs (from slack-verify.py output)

5.2 Run

python3 scripts/monitor.py                    # Default: last 6 hours
python3 scripts/monitor.py --hours 12          # Last 12 hours
python3 scripts/monitor.py --json              # JSON output only

5.3 Automate with Cron

# Morning scan (8 AM, last 12 hours)
0 8 * * * cd /path/to/openclaw-work-automation && python3 scripts/monitor.py --hours 12

# Midday check (1 PM, last 4 hours)
0 13 * * * cd /path/to/openclaw-work-automation && python3 scripts/monitor.py --hours 4

# Evening wrap-up (6 PM, last 5 hours)
0 18 * * * cd /path/to/openclaw-work-automation && python3 scripts/monitor.py --hours 5

5.4 OpenClaw Heartbeat Integration

Add to your HEARTBEAT.md:

- [ ] Run work monitor: `python3 /path/to/openclaw-work-automation/scripts/monitor.py --hours 4`
- [ ] If high-priority items found, notify me

---

6. Common Workflows

Morning Briefing

1. Pull Obsidian vault (git pull)
2. Run monitor.py --hours 12 for overnight activity
3. Check calendar for today's meetings
4. Read unread emails
5. Generate briefing combining all sources

Meeting Prep

1. Read calendar event for attendee names
2. Search Gmail for recent threads with attendees
3. Search Telegram for recent messages with/about them
4. Check Slack for relevant channel activity
5. Pull relevant Obsidian notes
6. Generate talking points

Post-Meeting

1. Check Drive for new Meet transcript
2. Export and read transcript
3. Extract action items
4. Cross-reference with open threads in TG/Slack/email

---

Gotchas — Hard-Won Lessons

These are real issues you will hit. Don't skip them.

1. Google OAuth: InsecureTransportError

Problem: OAuth fails because redirect URI is http://localhost (not https). Solution: Set OAUTHLIB_INSECURE_TRANSPORT=1 before importing Google libraries. The auth script handles this automatically.

2. Google Drive: Docs API Needs Separate Enablement

Problem: Trying to read Google Docs (Meet transcripts) via the Docs API fails if you haven't enabled it. Solution: Use the Drive API's export method instead — it works without enabling the Docs API separately:

content = drive.files().export(fileId='DOC_ID', mimeType='text/plain').execute()

3. Telegram: Login Codes Get Blocked If Shared via Telegram

Problem: If you paste your login code in ANY Telegram message (even Saved Messages), Telegram detects it and blocks the login with "this code was previously shared by your account." Solution:

• Spell the code in words ("seven one five three nine") and convert
• Use file-based exchange (echo "71539" > auth_code.txt)
• Add +1 to last digit and communicate the offset

4. Telegram: Exec Sessions Get Killed Before Code Entry

Problem: Long-running processes (like waiting for a login code) get SIGTERM'd by orchestration platforms with session timeouts. Solution: Use nohup for the auth script. The --background flag in telegram-auth.py handles this pattern.

5. Telegram: Zombie Bot Processes Hold Polling Lock

Problem: An old bot process using the same Telegram bot token holds the polling lock, preventing new instances. Solution: Kill all old processes before starting: pkill -f "bot.py" and verify with ps aux | grep bot.

6. Telegram: send_code_request Invalidates Previous Codes

Problem: Calling send_code_request again invalidates the previous code and its phone_code_hash. Solution: Don't call it again — reuse the original phone_code_hash from the first call.

7. OpenAI API: Model Names Change

Problem: Model names like gpt-5.2-mini may not exist. APIs return cryptic errors. Solution: Always check available models via the API first. Use confirmed model names.

8. OpenAI API: max_tokens vs max_completion_tokens

Problem: Newer models reject the max_tokens parameter. Solution: Use max_completion_tokens instead.

9. OpenAI API: Temperature Restrictions

Problem: Some models only accept temperature=1 and reject custom values. Solution: Check model docs or use temperature=1 as a safe default.

10. Obsidian Git: Don't git init Inside Existing Vault

Problem: Running git init in your vault creates conflicts when you try to add a remote. Solution: Clone the repo elsewhere, copy .git into your existing vault, then push.

11. Server Git Clone: Auth Required

Problem: git clone on a server fails with "could not read Username" for private repos. Solution: Use a personal access token in the URL:

git clone https://USERNAME:TOKEN@github.com/youruser/obsidian-vault.git

---

Security Notes

• Gmail: gmail.readonly scope — cannot send, modify, or delete emails
• Calendar: calendar.readonly scope — cannot create or edit events
• Drive: drive.readonly scope — cannot upload, modify, or delete files
• Telegram: User session with your account's normal permissions (read messages you can already see)
• Slack: User token with read-only scopes — cannot post or modify messages
• Obsidian: Private Git repo, pulled read-only on server
• All credentials stored on your server only — nothing shared, nothing exfiltrated
• Each person runs their own instance — no shared access, no central credential store

---

File Structure

openclaw-work-automation/
├── SKILL.md              ← This file
├── README.md             ← GitHub README
├── scripts/
│   ├── google-auth.py    ← Google OAuth flow
│   ├── telegram-auth.py  ← Telegram auth (interactive + background)
│   ├── slack-verify.py   ← Slack token verification
│   └── monitor.py        ← Multi-platform activity scanner
├── templates/
│   ├── .env.example      ← All environment variables
│   └── monitor-config.json ← Monitor configuration template
└── .gitignore