NotebookLM CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent wrapper around the NotebookLM CLI, but users should treat it as account-level NotebookLM access.

Install only if you trust the external NotebookLM CLI on your PATH and are comfortable letting an agent operate your logged-in NotebookLM account. Require explicit confirmation before delete commands, exports, collaborator changes, public sharing, language changes, or any command using `--yes`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding: This markdown file documents commands that can delete notebooks, sources, artifacts, and notes, as well as enable public sharing and modify collaborators, but it provides no warning text about data loss or privacy exposure. Under the markdown-specific SQP-2 criteria, the skill description should disclose behaviors that could affect user data, privacy, or system integrity.

Natural-Language Policy Violations

Low
Confidence: 88%
Finding: The command example `language set zh_Hans` sets a specific locale, but the surrounding text does not present this as optional or offer a language choice. SQP-3 flags natural-language policy issues where a specific language or locale is imposed without explicit user opt-in or justification.

VirusTotal

65/65 vendors flagged this skill as clean.
