Course 02: Going DeeperModule 2 of 9

MODULE 02 · COURSE 02: GOING DEEPER

Module 2: Connecting Gmail

This is one of the most useful things you can do. Once your agent can read your email, it stops being a chatbot and starts being an actual assistant.

What you get when Gmail is connected

  • Ask: "What important emails did I get today?"
  • Ask: "Do I have anything from [person] I haven't responded to?"
  • Ask: "Summarize the thread about the contract revision."
  • Automatic alerts: "You got an invoice from Adobe — want me to log it?"
  • Scheduled briefings: "Every morning, tell me what needs a response today."

How it works

OpenClaw connects to Gmail via OAuth — the same kind of authorization you use when an app says "Sign in with Google." You authorize it once, it gets a refresh token it can use going forward, and you stay in control (you can revoke it any time from your Google account settings).

Your emails don't go anywhere except from Google to your agent's context. Nothing is stored externally.

Option 1: Just ask your agent

The simplest approach — tell your agent what you want and let it figure out the connection:

"I want you to be able to read my Gmail. What do I need to do to set that up?"

A well-configured agent with code execution enabled will walk you through it. It'll ask for your email address, generate an OAuth flow, and guide you through authorizing it.

If that works — great, you're done. If you want to understand what's happening under the hood (or if the automated approach fails), use Option 2.

Option 2: Manual Google OAuth setup

Step 1: Create a Google Cloud project

  1. Go to console.cloud.google.com
  2. Create a new project (call it something like "OpenClaw" or "My Agent")
  3. Go to APIs & Services → Library
  4. Search for Gmail API and enable it

Step 2: Create OAuth credentials

  1. Go to APIs & Services → Credentials
  2. Click Create Credentials → OAuth Client ID
  3. Application type: Desktop app
  4. Name it anything
  5. Download the JSON file — this is your credentials.json

Step 3: Configure the consent screen

If prompted, set up the OAuth consent screen:

  • User type: External (unless you're on Google Workspace)
  • App name: anything
  • Add your own email as a test user

Step 4: Set it up with your agent

Store the credentials securely: 

openclaw secrets set GOOGLE_CREDENTIALS "$(cat credentials.json)"

Then tell your agent:

"I've set up Google OAuth credentials. The secret is called GOOGLE_CREDENTIALS. Please use it to connect to my Gmail and set up a way to read my email."

Your agent will handle the OAuth flow, save the refresh token, and confirm when it's connected.

What to do with it once it's connected

The morning email briefing:
"Every morning at 8am, check my Gmail for unread emails from the last 12 hours. Summarize anything important and flag anything that needs a response from me today."
The inbox zero assistant:
"I'm about to do an inbox session. Go through my last 48 hours of unread email and give me a prioritized list of what needs my attention. Skip newsletters and automated stuff."
The deal tracker:
"Every time I get an email about [client name], flag it for me immediately, even if I'm not asking."
The receipt logger:
"Every time I get a receipt or invoice in my email, log the amount, merchant, and date. I'll review the log weekly."

What NOT to do (yet)

Don't give your agent send access until you've spent a few weeks with read access and trust how it handles things. Agents can draft and suggest replies without being able to send — that's the right starting point.

When you're ready to enable sending:

"I want you to be able to draft email replies. When you draft something, always show it to me first before sending unless I explicitly tell you to just send it."

Set that expectation in your SOUL.md too.

If Google blocks the OAuth flow

New OAuth apps go through a verification process. For personal use (you authorizing your own agent to access your own email), you can proceed through the "unverified app" warning — Google shows a scary-sounding screen but it's just for apps that haven't been formally reviewed.

Click Advanced → Go to [App Name] (unsafe) to proceed. You're authorizing your own agent on your own account. It's fine.

Next up

Module 3: Connecting Google Calendar →