πŸ“‹ Blogs

Insights and best practices for running AI agents

← Back to Home

πŸ“§ GOG.md β€” Google Workspace for AI Agents

Best practices for integrating Google Workspace with AI agents

One of the most powerful integrations for any AI agent is Google Workspace β€” Gmail, Calendar, Drive, and more. But having the integration isn't enough: you need proper configuration to make it work reliably.

πŸ“§

GOG.md

Google Workspace best practices for AI agents

β–Ό

Gmail β€” Sending Emails

Always use --reply-to-message-id when replying to email threads to keep the conversation connected.

# Send email
gog gmail send --to recipient@example.com --subject "Subject" --body "Message"

# Reply in thread
gog gmail send --to recipient@example.com --subject "Re: Subject" --body "Reply" --reply-to-message-id <message_id>

Gmail β€” Reading Emails

# Search inbox
gog gmail search "from:someone@example.com is:unread" --max 10

# Get specific message
gog gmail get <message_id>

Calendar

⚠️ Important

When you create, modify, update, or delete any meeting that has invited attendees, you MUST notify all invited attendees via email about the change. Do not assume attendees will see calendar updates automatically.

# List events
gog calendar events <calendarId> --from 2026-01-01 --to 2026-01-31

# Create event with attendees
gog calendar create <calendarId> --summary "Meeting" \
  --from 2026-01-15T10:00 --to 2026-01-15T11:00 \
  --attendees "email1@example.com,email2@example.com" \
  --with-meet

Customer Inquiry Alert

⚠️ Important

Any email coming through the website contact form (subject: NEW WEB CONTACT) is a customer inquiry.

When a new customer inquiry arrives:

  1. Read the email content
  2. Send a Telegram message to Josh alerting him of the new customer request
  3. Include the customer's name, email, and message summary

Drive

# Search files
gog drive search "filename" --max 10

πŸ•ΈοΈ Web Browsing Philosophy & Best Practices

Why VPS deployment fails and how sandboxed browsing improves security

One of the most common questions is: "Can I run OpenClaw on a VPS and use web browsing?" The answer is yes, but web browsing will likely fail. Here's why β€” and why the sandboxed approach is actually a security feature.

πŸ•ΈοΈ

Web Browsing Philosophy & Best Practices

Why VPS fails, sandbox security, and getting the most from browser automation

β–Ό

Why VPS Deployment Fails

When you run a browser in a typical server environment (including most VPS setups), it runs in "headless" mode β€” meaning there's no visual display, no window, no graphical interface. The browser operates purely as a background process.

Modern websites are increasingly sophisticated at detecting headless browsers:

  • User-Agent detection: Identifying browser signatures that indicate automation
  • JavaScript execution analysis: Checking for missing DOM features that real browsers have
  • Behavioral analysis: Flagging inhuman navigation patterns
  • Canvas fingerprinting: Detecting rendering differences in headless vs. regular browsers

The Real-World Impact

When websites detect a headless browser, they don't just show an error β€” they silently:

  • Return fake or empty data
  • Redirect to captcha/verification pages
  • Block your IP temporarily or permanently
  • Show different pricing or availability than real users see

When OpenClaw runs on your local machine (or a machine with a display), it uses a full browser with a visual interface β€” passing all anti-bot detection.

"The difference between a headless browser and a full browser is the difference between wearing a disguise and having a real face."

The Security Advantage

Beyond avoiding detection, there's a critically important security reason why OpenClaw uses a sandboxed, isolated browser rather than giving agents direct access to your data.

When you give an AI agent direct access to your email, calendar, file system, or browser profiles, you're creating a direct attack path from whatever the agent interacts with back to your sensitive data.

OpenClaw's approach is fundamentally different: it runs a completely separate browser profile with no access to your credentials, limited network access, and explicit actions only.

πŸ’‘ Defense in Depth

Think of it like this:

  • Direct access = giving someone your house keys
  • OpenClaw's browser = talking to someone through a video doorbell

You can see what they're doing, they can communicate with you, but they can't walk into your house.

Best Practices

  • Run locally β€” on your laptop, desktop, or home server with a display
  • Avoid VPS for web browsing tasks (headless = blocked)
  • Let OpenClaw manage its own browser profile
  • Don't share your regular browser profile with OpenClaw
  • Review what sites you're logged into in the OpenClaw browser
  • Consider using dedicated accounts for agent-accessible services

πŸ’‘ The Right Tool for the Job

Web browsing is powerful but not always the best approach:

  • Use APIs when available (faster, more reliable)
  • Use CLI tools for data extraction (gog, gh, etc.)
  • Use web fetch for simple page reads
  • Use browser for complex interactions: forms, logins, dynamic content