Gcloud OpenClaw Skill - ClawHub
Do you want your AI agent to automate Gcloud workflows? This free skill from ClawHub helps with devops & cloud tasks without building custom tools from scratch.
What this skill does
Manage Google Cloud Platform resources via gcloud CLI. Use for Compute Engine VMs, Cloud Run services, Firebase Hosting, Cloud Storage, and project management. Covers deployment, monitoring, logs, and SSH access.
Install
npx clawhub@latest install gcloudFull SKILL.md
Open original| name | description |
|---|---|
| gcloud | Manage Google Cloud Platform resources via gcloud CLI. Use for Compute Engine VMs, Cloud Run services, Firebase Hosting, Cloud Storage, and project management. Covers deployment, monitoring, logs, and SSH access. |
Google Cloud Platform Skill
Manage GCP resources using gcloud, gsutil, and firebase CLIs.
Installation
gcloud CLI (one-time setup)
# Download and extract
cd ~ && curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-linux-x86_64.tar.gz
tar -xzf google-cloud-cli-linux-x86_64.tar.gz
# Install (adds to PATH via .bashrc)
./google-cloud-sdk/install.sh --quiet --path-update true
# Reload shell or source
source ~/.bashrc
# Authenticate
gcloud auth login
Firebase CLI
npm install -g firebase-tools
firebase login
Quick Reference
Authentication & Config
# List authenticated accounts
gcloud auth list
# Switch active account
gcloud config set account EMAIL
# List projects
gcloud projects list
# Set default project
gcloud config set project PROJECT_ID
# View current config
gcloud config list
Compute Engine (VMs)
List Instances
# All instances across projects
gcloud compute instances list --project PROJECT_ID
# With specific fields
gcloud compute instances list --project PROJECT_ID \
--format="table(name,zone,status,networkInterfaces[0].accessConfigs[0].natIP)"
Start/Stop/Restart
gcloud compute instances start INSTANCE_NAME --zone ZONE --project PROJECT_ID
gcloud compute instances stop INSTANCE_NAME --zone ZONE --project PROJECT_ID
gcloud compute instances reset INSTANCE_NAME --zone ZONE --project PROJECT_ID
SSH Access
# Interactive SSH
gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID
# Run command remotely
gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID --command "uptime"
# With tunneling (e.g., for local port forwarding)
gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID -- -L 8080:localhost:8080
View Logs
# Serial port output (boot logs)
gcloud compute instances get-serial-port-output INSTANCE_NAME --zone ZONE --project PROJECT_ID
# Tail logs via SSH
gcloud compute ssh INSTANCE_NAME --zone ZONE --project PROJECT_ID --command "journalctl -f"
Cloud Run
List Services
# List all services in a region
gcloud run services list --region REGION --project PROJECT_ID
# All regions
gcloud run services list --project PROJECT_ID
Deploy
# Deploy from source (builds container automatically)
gcloud run deploy SERVICE_NAME \
--source . \
--region REGION \
--project PROJECT_ID \
--allow-unauthenticated
# Deploy existing container image
gcloud run deploy SERVICE_NAME \
--image gcr.io/PROJECT_ID/IMAGE:TAG \
--region REGION \
--project PROJECT_ID
View Service Details
gcloud run services describe SERVICE_NAME --region REGION --project PROJECT_ID
View Logs
# Stream logs
gcloud run services logs read SERVICE_NAME --region REGION --project PROJECT_ID --limit 50
# Or use Cloud Logging
gcloud logging read "resource.type=cloud_run_revision AND resource.labels.service_name=SERVICE_NAME" \
--project PROJECT_ID --limit 20 --format="table(timestamp,textPayload)"
Update Environment Variables
gcloud run services update SERVICE_NAME \
--region REGION \
--project PROJECT_ID \
--set-env-vars "KEY1=value1,KEY2=value2"
Traffic Management
# Route 100% traffic to latest
gcloud run services update-traffic SERVICE_NAME --to-latest --region REGION --project PROJECT_ID
# Split traffic (canary)
gcloud run services update-traffic SERVICE_NAME \
--to-revisions=REVISION1=90,REVISION2=10 \
--region REGION --project PROJECT_ID
Firebase Hosting
List Projects
firebase projects:list
Deploy
# Deploy everything (hosting + functions + rules)
firebase deploy --project PROJECT_ID
# Hosting only
firebase deploy --only hosting --project PROJECT_ID
# Specific site (multi-site setup)
firebase deploy --only hosting:SITE_NAME --project PROJECT_ID
Preview Channels
# Create preview channel
firebase hosting:channel:deploy CHANNEL_NAME --project PROJECT_ID
# List channels
firebase hosting:channel:list --project PROJECT_ID
# Delete channel
firebase hosting:channel:delete CHANNEL_NAME --project PROJECT_ID
Rollback
# List recent deploys
firebase hosting:releases:list --project PROJECT_ID
# Rollback to specific version
firebase hosting:rollback --project PROJECT_ID
Cloud Storage (gsutil)
# List buckets
gsutil ls
# List contents
gsutil ls gs://BUCKET_NAME/
# Copy file
gsutil cp LOCAL_FILE gs://BUCKET_NAME/path/
gsutil cp gs://BUCKET_NAME/path/file LOCAL_PATH
# Sync directory
gsutil -m rsync -r LOCAL_DIR gs://BUCKET_NAME/path/
# Make public
gsutil iam ch allUsers:objectViewer gs://BUCKET_NAME
Logs & Monitoring
Cloud Logging
# Read recent logs
gcloud logging read "resource.type=gce_instance" --project PROJECT_ID --limit 20
# Filter by severity
gcloud logging read "severity>=ERROR" --project PROJECT_ID --limit 20
# Specific resource
gcloud logging read "resource.type=cloud_run_revision AND resource.labels.service_name=my-service" \
--project PROJECT_ID --limit 20
Monitoring Metrics
# List available metrics
gcloud monitoring metrics list --project PROJECT_ID | head -50
# Describe metric
gcloud monitoring metrics-scopes describe projects/PROJECT_ID
Billing & Cost Monitoring
View Current Costs
# List billing accounts
gcloud billing accounts list
# Get billing account linked to project
gcloud billing projects describe PROJECT_ID
# View cost breakdown (requires billing export to BigQuery or use console)
# Quick estimate via APIs enabled:
gcloud services list --enabled --project PROJECT_ID
Set Budget Alerts
# Create budget (via gcloud beta)
gcloud billing budgets create \
--billing-account=BILLING_ACCOUNT_ID \
--display-name="Monthly Budget" \
--budget-amount=50EUR \
--threshold-rule=percent=50 \
--threshold-rule=percent=90 \
--threshold-rule=percent=100
# List budgets
gcloud billing budgets list --billing-account=BILLING_ACCOUNT_ID
# Describe budget
gcloud billing budgets describe BUDGET_ID --billing-account=BILLING_ACCOUNT_ID
Cost-Saving Tips
# Stop unused VMs (saves $$$)
gcloud compute instances stop INSTANCE_NAME --zone ZONE --project PROJECT_ID
# Schedule auto-start/stop (use Cloud Scheduler + Cloud Functions or cron)
# Check for idle resources
gcloud recommender recommendations list \
--project=PROJECT_ID \
--location=global \
--recommender=google.compute.instance.IdleResourceRecommender
Secret Manager
Create & Manage Secrets
# Enable API
gcloud services enable secretmanager.googleapis.com --project PROJECT_ID
# Create a secret
echo -n "my-secret-value" | gcloud secrets create SECRET_NAME \
--data-file=- \
--project PROJECT_ID
# Or from file
gcloud secrets create SECRET_NAME --data-file=./secret.txt --project PROJECT_ID
Access Secrets
# Get latest version
gcloud secrets versions access latest --secret=SECRET_NAME --project PROJECT_ID
# Get specific version
gcloud secrets versions access 1 --secret=SECRET_NAME --project PROJECT_ID
# List all secrets
gcloud secrets list --project PROJECT_ID
# List versions of a secret
gcloud secrets versions list SECRET_NAME --project PROJECT_ID
Update Secrets
# Add new version
echo -n "new-value" | gcloud secrets versions add SECRET_NAME --data-file=- --project PROJECT_ID
# Disable old version
gcloud secrets versions disable VERSION_ID --secret=SECRET_NAME --project PROJECT_ID
# Delete version (permanent!)
gcloud secrets versions destroy VERSION_ID --secret=SECRET_NAME --project PROJECT_ID
Use in Cloud Run
# Deploy with secret as env var
gcloud run deploy SERVICE_NAME \
--image IMAGE \
--region REGION \
--project PROJECT_ID \
--set-secrets="ENV_VAR_NAME=SECRET_NAME:latest"
# Mount as file
gcloud run deploy SERVICE_NAME \
--image IMAGE \
--region REGION \
--project PROJECT_ID \
--set-secrets="/path/to/secret=SECRET_NAME:latest"
Artifact Registry (Container Images)
Setup
# Enable API
gcloud services enable artifactregistry.googleapis.com --project PROJECT_ID
# Create Docker repository
gcloud artifacts repositories create REPO_NAME \
--repository-format=docker \
--location=REGION \
--project PROJECT_ID \
--description="Docker images"
Configure Docker Auth
# Configure Docker to use gcloud credentials
gcloud auth configure-docker REGION-docker.pkg.dev
Build & Push Images
# Build with Cloud Build (no local Docker needed)
gcloud builds submit --tag REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG
# Or with local Docker
docker build -t REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG .
docker push REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG
List & Manage Images
# List images
gcloud artifacts docker images list REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME
# List tags for an image
gcloud artifacts docker tags list REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE
# Delete image
gcloud artifacts docker images delete REGION-docker.pkg.dev/PROJECT_ID/REPO_NAME/IMAGE:TAG
Cloud SQL (Databases)
Create Instance
# Enable API
gcloud services enable sqladmin.googleapis.com --project PROJECT_ID
# Create PostgreSQL instance
gcloud sql instances create INSTANCE_NAME \
--database-version=POSTGRES_15 \
--tier=db-f1-micro \
--region=REGION \
--project PROJECT_ID
# Create MySQL instance
gcloud sql instances create INSTANCE_NAME \
--database-version=MYSQL_8_0 \
--tier=db-f1-micro \
--region=REGION \
--project PROJECT_ID
Manage Databases & Users
# Create database
gcloud sql databases create DB_NAME --instance=INSTANCE_NAME --project PROJECT_ID
# List databases
gcloud sql databases list --instance=INSTANCE_NAME --project PROJECT_ID
# Create user
gcloud sql users create USERNAME \
--instance=INSTANCE_NAME \
--password=PASSWORD \
--project PROJECT_ID
# List users
gcloud sql users list --instance=INSTANCE_NAME --project PROJECT_ID
Connect
# Connect via Cloud SQL Proxy (recommended)
# First, download proxy: https://cloud.google.com/sql/docs/mysql/sql-proxy
# Direct connection (requires public IP & authorized networks)
gcloud sql connect INSTANCE_NAME --user=USERNAME --project PROJECT_ID
# Get connection info
gcloud sql instances describe INSTANCE_NAME --project PROJECT_ID \
--format="value(connectionName)"
Backups
# Create on-demand backup
gcloud sql backups create --instance=INSTANCE_NAME --project PROJECT_ID
# List backups
gcloud sql backups list --instance=INSTANCE_NAME --project PROJECT_ID
# Restore from backup
gcloud sql backups restore BACKUP_ID --restore-instance=INSTANCE_NAME --project PROJECT_ID
Connect from Cloud Run
# Deploy with Cloud SQL connection
gcloud run deploy SERVICE_NAME \
--image IMAGE \
--region REGION \
--project PROJECT_ID \
--add-cloudsql-instances=PROJECT_ID:REGION:INSTANCE_NAME \
--set-env-vars="DB_HOST=/cloudsql/PROJECT_ID:REGION:INSTANCE_NAME"
Troubleshooting
"API not enabled"
# Enable an API
gcloud services enable run.googleapis.com --project PROJECT_ID
gcloud services enable compute.googleapis.com --project PROJECT_ID
"Permission denied"
# Check IAM roles
gcloud projects get-iam-policy PROJECT_ID --flatten="bindings[].members" \
--format="table(bindings.role)" --filter="bindings.members:EMAIL"
"Not authenticated"
gcloud auth login
gcloud auth application-default login # For ADC (used by libraries)
Refresh credentials
gcloud auth login --force