Notebooklm Content

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is coherent with its purpose of automating Google NotebookLM, but it depends on a browser relay that controls a logged-in Chrome tab, so users should keep that access tightly scoped.

Before installing, make sure you trust the Browser Relay extension, use it only on the intended NotebookLM tab, keep your gateway token private, and avoid uploading sensitive sources unless you are comfortable storing them in Google NotebookLM.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

The agent could click or type into the enabled NotebookLM tab and create or modify content under the user's session.

Why it was flagged

These commands let the agent interact with and capture the enabled browser tab. That is expected for NotebookLM automation, but browser actions can affect the live page if used on the wrong tab or element.

Skill content

openclaw browser click <element-ref> --browser-profile chrome-relay --json
openclaw browser type <element-ref> "text content" --browser-profile chrome-relay --json
openclaw browser screenshot --browser-profile chrome-relay

Recommendation

Enable the relay only for the intended NotebookLM tab, keep progress visible, and disable the relay when the task is complete.

ASI03: Identity and Privilege Abuse
Medium
What this means

Created notebooks, uploaded sources, and generated outputs may be stored in the user's Google account.

Why it was flagged

The workflow operates through the user's authenticated Google NotebookLM browser session. This is purpose-aligned, but actions happen with the user's account privileges.

Skill content

- User must be logged into NotebookLM in Chrome

Recommendation

Use a dedicated browser profile or account if possible, and review generated notebooks and links before sharing them.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Contents and controls of the enabled tab may be accessible through the relay while it is active.

Why it was flagged

The browser relay creates a local control channel protected by a gateway token. The guide warns not to paste the token, but enabling the relay still exposes the selected tab to OpenClaw control.

Skill content

Gateway token: from ~/.openclaw/openclaw.json -> gateway.auth.token

**IMPORTANT:** Never paste the token in chat!

... Enable relay for that tab
4. Tab is now controllable via OpenClaw

Recommendation

Keep the gateway token private, configure it only in trusted extension settings, and enable relay only for tabs needed for the task.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the wrong or untrusted browser extension could expose browser tabs or gateway access.

Why it was flagged

The skill depends on an external Chrome extension, but the registry artifacts do not include an install spec or source URL for that dependency.

Skill content

1. Install OpenClaw Browser Relay extension in Chrome

Recommendation

Install the Browser Relay only from an official or trusted OpenClaw source and verify the extension before providing the gateway token.