A minimal Google Apps Script web app that accepts and executes arbitrary JavaScript at runtime. Deploy once, never redeploy — all behavior is sent as code at call time.
The deployed Code.gs does one thing: receive a JSON body with a code field and eval() it. The code runs in the Apps Script runtime with access to Drive, Docs, Sheets, Gmail, Calendar, and any Google REST API — with auth handled automatically.
Scripts in skills/google-workspace-code-mode/examples/ are never deployed. They live on your machine, are sent over HTTP as strings, and executed remotely. Edit them freely — the next request picks up changes with no redeployment.
- Go to script.google.com and create a new project.
- Replace the contents of your new project's `Code.gs` with the code in `skills/google-workspace-code-mode/appscript/Code.gs`.
The scopes_() function at the bottom of Code.gs is never called — it just references Google services so that Apps Script knows to request permissions for them during deployment. Without it, eval() hides the actual service usage from the parser and you'd get permission errors at runtime.
In the Apps Script editor, go to Project Settings > Script Properties and add:
| Property | Value |
|---|---|
| SECRET_TOKEN | A random string for authentication. Generate one by running, e.g., `openssl rand -hex 16`, then copy and paste the result. |
- Click Deploy > New deployment
- Select type: Web app
- Set "Execute as" to Me (your account — gives the script access to your Google services)
- Set "Who has access" to Anyone (the token handles authentication)
- Click Deploy and copy the web app URL
You will not need to redeploy after this. All behavior is injected at runtime.
Replace $WEBAPP_URL and $SECRET_TOKEN with your values:
```bash
# Run a one-liner
curl -L -H 'Content-Type: application/json' \
  -d '{"code": "DriveApp.getFiles().next().getName()"}' \
  '$WEBAPP_URL?token=$SECRET_TOKEN'

# Send a whole script from a file (jq -Rs . turns the file into one JSON string)
curl -L -H 'Content-Type: application/json' \
  -d "{\"code\": $(cat skills/google-workspace-code-mode/examples/drive-search.js | jq -Rs .)}" \
  '$WEBAPP_URL?token=$SECRET_TOKEN'
```

| Script | What it does |
|---|---|
| skills/google-workspace-code-mode/examples/drive-search.js | Search Google Drive by query |
| skills/google-workspace-code-mode/examples/spreadsheet-reporter.js | Summarize a Google Sheet |
| skills/google-workspace-code-mode/examples/discovery-list.js | List available Google APIs |
| skills/google-workspace-code-mode/examples/discovery-search.js | Search an API's methods by name |
| skills/google-workspace-code-mode/examples/rest-api-call.js | Call any Google REST API with automatic auth |
| skills/google-workspace-code-mode/examples/discover-and-call.js | Search + execute in one script |
```bash
npx skills add owner/repo
```

This installs the google-workspace-code-mode skill, making /google-workspace-code-mode available as a slash command. The skill teaches the agent how to call the endpoint — including walking you through setup if you haven't configured it yet.
- Token authentication: Every request must include the secret token.
- URL obscurity: The deployment URL contains a random ID. An attacker needs both the URL and the token.
- This is for personal/team use: The eval endpoint executes arbitrary code. Only share the URL and token with people you trust completely.
- In Project Settings, check Show "appsscript.json" manifest file in editor. This lets you see and modify advanced scopes directly — useful if you need to add permissions beyond what the `scopes_()` function covers.
- If you make changes to `Code.gs` after deploying (e.g. adding new scope references), you'll need to redeploy: save your code, then go to Deploy > Manage deployments, click the pencil icon on your web app, and select the new version.
- 6-minute execution limit: Apps Script enforces a hard timeout per invocation.
- ~50 MB POST body: More than enough for any injected code.
- Always HTTP 200: Apps Script web apps can't set custom status codes. Check the `status` field in the JSON response.
- Redirects: Apps Script POST endpoints redirect (302). Use `curl -L` and let `-d` imply POST — don't use `-X POST`, which prevents proper redirect following.
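
A client-side sketch for the last two limits above (always HTTP 200, redirects), added here as an example and not part of the project's code: it builds the same request the curl commands send and decides success from the response body. The `ok` status value, the function names and the shape of the returned object are assumptions; the page only states that a `status` field exists.

```javascript
// Added example, not the project's code. Assumption: a successful response
// carries status "ok" (the page only says that a status field exists).
const OK_STATUS = 'ok';

// Build the fetch() arguments. JSON.stringify does the string escaping
// that jq -Rs does in the curl example; searchParams URL-encodes the token.
function buildRequest(webAppUrl, token, code) {
  const url = new URL(webAppUrl);
  url.searchParams.set('token', token);
  return {
    url: url.toString(),
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ code }),
      redirect: 'follow', // follow the 302, as curl -L does
    },
  };
}

// HTTP status is always 200, so success is decided from the body alone.
// A non-JSON body (for example an HTML error page) counts as a failure.
function interpretResponse(bodyText) {
  let parsed;
  try {
    parsed = JSON.parse(bodyText);
  } catch (err) {
    return { ok: false, reason: 'non-JSON body', data: null };
  }
  if (parsed === null || typeof parsed !== 'object' || !('status' in parsed)) {
    return { ok: false, reason: 'no status field', data: parsed };
  }
  if (parsed.status !== OK_STATUS) {
    return { ok: false, reason: `status=${parsed.status}`, data: parsed };
  }
  return { ok: true, reason: null, data: parsed };
}

// Send code to the endpoint (Node 18+ for global fetch). Error messages
// omit the URL because it carries the token.
async function runRemote(webAppUrl, token, code) {
  const { url, init } = buildRequest(webAppUrl, token, code);
  let res;
  try {
    res = await fetch(url, init);
  } catch (err) {
    throw new Error(`request failed: ${err.name}`);
  }
  return interpretResponse(await res.text());
}
```

Callers should branch on the returned `ok` flag rather than on the HTTP status, and should avoid logging the request URL since the token travels in its query string.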