Calendar Setup
by @netanel-abergel
Step-by-step wizard for connecting an owner's Google Calendar to their OpenClaw PA agent, including granting write permissions. Use when: setting up calendar...
clawhub install calendar-setupπ About This Skill
name: calendar-setup description: "Step-by-step wizard for connecting an owner's Google Calendar to their OpenClaw PA agent, including granting write permissions. Use when: setting up calendar access for the first time, troubleshooting calendar connection issues, fixing read-only calendar access, re-authenticating after permission errors, or handling multiple calendar accounts (work + personal). Works with any LLM model."
Calendar Setup Skill
Minimum Model
Any model that can follow numbered steps.Key Concept
Two accounts are involved:
agent@agentdomain.com)owner@company.com)The agent needs access to the owner's calendar. These are separate Google accounts. The OpenClaw dashboard "calendar connected" status reflects the *agent's own* calendar β not the owner's. Verify write access explicitly.
Step 1 β Owner Shares Calendar
The owner does this in Google Calendar (not the agent):
1. Open calendar.google.com as the owner 2. Find the primary calendar in the left sidebar (usually their name) 3. Click the three-dot menu β Settings and sharing 4. Under Share with specific people β click + Add people 5. Enter the agent email 6. Set permission to "Make changes to events" β not "See all event details" (that is read-only) 7. Click Send
β Done. The agent receives an email confirmation β no action needed from the agent side yet.
If owner can't find the calendar: Scroll down in the sidebar to "Other calendars".
If sharing is blocked: The owner's organization may restrict external sharing. They need to ask their IT admin to allow it.
Step 2 β Agent Authenticates
The agent runs:
# Add the owner's account to gog
gog auth add owner@company.com --services gmail,calendar,drive,contactsVerify it was added
gog auth list
Expected output of gog auth list:
owner@company.com [gmail, calendar, drive, contacts]
If re-authenticating after a permission change or expired token:
gog auth remove owner@company.com
gog auth add owner@company.com --services gmail,calendar,drive,contacts
If gog is not found: Check PATH or reinstall via your OpenClaw distribution.
If OAuth fails with "access blocked": Owner must allow access in Google Account β Security β Third-party apps.
Step 3 β Test Write Access
# Generate timestamps (works on Linux and macOS)
START=$(date -u -d '+1 hour' +%Y-%m-%dT%H:%M:%SZ 2>/dev/null \
|| date -u -v+1H +%Y-%m-%dT%H:%M:%SZ)
END=$(date -u -d '+2 hours' +%Y-%m-%dT%H:%M:%SZ 2>/dev/null \
|| date -u -v+2H +%Y-%m-%dT%H:%M:%SZ)Create a test event in the owner's calendar
GOG_ACCOUNT=owner@company.com gog calendar create primary \
--summary "PA Setup Test β delete me" \
--start "$START" \
--end "$END"
Check the owner's Google Calendar. The test event should appear within 30 seconds.
Delete it after verifying:
# Use EVENT_ID from the output of the create command above
GOG_ACCOUNT=owner@company.com gog calendar delete primary EVENT_ID
Common Issues and Fixes
Dashboard shows "connected" but agent can't write
Cause: Dashboard reflects the agent's own calendar, not the owner's.
Fix:
1. Confirm owner shared their calendar with the agent email (Step 1)
2. Confirm agent ran gog auth add for the owner's account (Step 2)
3. Always use GOG_ACCOUNT=owner@company.com in all commands
"Insufficient permissions" error
Cause: Calendar was shared with read-only permission.
Fix: Owner goes back to Step 1 and changes the permission to "Make changes to events".
"Token expired" or authentication failure
gog auth remove owner@company.com
gog auth add owner@company.com --services gmail,calendar,drive,contacts
Multiple calendars (work + personal)
# Add both accounts
gog auth add work@company.com --services calendar
gog auth add personal@gmail.com --services calendarSee what calendars each account has
GOG_ACCOUNT=work@company.com gog calendar list
GOG_ACCOUNT=personal@gmail.com gog calendar listUse the specific calendar ID (from list output) instead of "primary"
GOG_ACCOUNT=work@company.com gog calendar create CALENDAR_ID \
--summary "Meeting" \
--start "2026-04-02T10:00:00+00:00" \
--end "2026-04-02T11:00:00+00:00"
macOS date command
# Linux: use -d
date -u -d '+1 hour' +%Y-%m-%dT%H:%M:%SZmacOS: use -v
date -u -v+1H +%Y-%m-%dT%H:%M:%SZ
Useful Commands
# List all authenticated accounts
gog auth listList owner's calendars
GOG_ACCOUNT=owner@company.com gog calendar listList events (next 7 days)
GOG_ACCOUNT=owner@company.com gog calendar events primary \
--from $(date -u +%Y-%m-%dT%H:%M:%SZ) \
--to $(date -u -d '+7 days' +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || date -u -v+7d +%Y-%m-%dT%H:%M:%SZ)Create event with attendee
GOG_ACCOUNT=owner@company.com gog calendar create primary \
--summary "Meeting title" \
--start "2026-04-02T10:00:00+00:00" \
--end "2026-04-02T11:00:00+00:00" \
--attendees "attendee@company.com"Delete event
GOG_ACCOUNT=owner@company.com gog calendar delete primary EVENT_IDRemove authenticated account
gog auth remove owner@company.com
Heleni-specific: Direct API Workaround (when gog CLI auth fails)
gog auth login requires a browser β doesn't work on a server. Use the pre-existing credentials in /opt/ocana/openclaw/.gog/credentials.json instead.
# 1. Read client_id, client_secret, refresh_token from the file (owner account)
Accounts: "agent" (genesis@ocana.ai), "owner" (netanelab@monday.com)
2. Refresh access token
curl -s -X POST https://oauth2.googleapis.com/token \
-d "client_id=" \
-d "client_secret=" \
-d "refresh_token=" \
-d "grant_type=refresh_token"
β get access_token from response
3. Call Calendar API directly
curl -s "https://www.googleapis.com/calendar/v3/calendars/netanelab%40monday.com/events?timeMin=&timeMax=&singleEvents=true&orderBy=startTime&maxResults=10" \
-H "Authorization: Bearer $ACCESS_TOKEN"4. List all calendars
curl -s "https://www.googleapis.com/calendar/v3/users/me/calendarList" \
-H "Authorization: Bearer $ACCESS_TOKEN"
Note: ~/.config/gws/credentials.json (gog default path) has a stale/broken token. Always use /opt/ocana/openclaw/.gog/credentials.json.
Verification Checklist
gog auth add for owner's accountgog auth list shows owner's account with calendar serviceGOG_ACCOUNT=owner@company.comCost Tips
gog auth add call (gmail,calendar,drive,contacts) instead of separate callsEmail & Workspace Orientation (Merged from openclaw-email-orientation skill)
The Core Concept: Two Separate Accounts
| | Account |
|---|---|
| Owner | The human's Google account (e.g. owner@company.com) |
| Agent | The PA's own Google account (e.g. agent@agentdomain.com) |
These are separate. Having an agent email does NOT automatically give access to the owner's email or calendar. Owner must explicitly share, and agent must explicitly authenticate.
Key Files
| File | Purpose |
|---|---|
| ~/.openclaw/.gog/credentials.json | gog OAuth client credentials |
| ~/.openclaw/agents/main/agent/auth-profiles.json | OpenClaw auth profiles |
| skills/gog/SKILL.md | gog usage reference |
Security: Never print the contents of these files in chat. Path is fine; content is not.
Using gog
# One-time: load OAuth credentials
gog auth credentials /path/to/client_secret.jsonAdd an owner account (opens browser for OAuth)
gog auth add owner@company.com --services gmail,calendar,drive,contacts,sheets,docsVerify
gog auth listAlways use GOG_ACCOUNT= in all commands
GOG_ACCOUNT=owner@company.com gog gmail search 'is:unread' --max 10
GOG_ACCOUNT=owner@company.com gog calendar events primary \
--from "2026-04-01T09:00:00Z" --to "2026-04-01T18:00:00Z"
GOG_ACCOUNT=owner@company.com gog gmail send \
--to "recipient@example.com" --subject "Hello" --body "Message text"
Troubleshooting Email/Calendar Access
Work through in order:
1. Two accounts? β Is the question about agent email or owner email?
2. gog installed? β which gog β if missing, check PATH
3. Account added? β gog auth list β does owner's account appear?
4. Write scope? β OAuth must include calendar write scope, not read-only
5. GOG_ACCOUNT set? β All commands must include GOG_ACCOUNT=owner@company.com
6. Permission level? β Must be "Make changes to events", not "See all event details"
"Insufficient permissions" error β Owner re-shares calendar with write permission (Step 1 above).
"Token expired" error:
gog auth remove owner@company.com
gog auth add owner@company.com --services gmail,calendar,drive,contacts