NotebookLM CLI
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a transparent NotebookLM CLI wrapper, but installing it lets the agent use an authenticated NotebookLM account to change, delete, export, or share notebook content when invoked.
This skill appears coherent and purpose-aligned, but treat it like giving the agent access to your NotebookLM CLI. Verify the external `notebooklm` binary, log in with the correct account, and require confirmation before deleting content, exporting artifacts, changing collaborators, or enabling public sharing.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly, the agent could delete notebook data or make notebook content publicly accessible.
The command catalog exposes destructive and public-sharing NotebookLM operations through the wrapper. These are purpose-aligned for a CLI wrapper, but they are high-impact actions that should be user-approved before execution.
node {baseDir}/scripts/notebooklm.mjs delete --notebook <notebook_id> --yes
node {baseDir}/scripts/notebooklm.mjs source delete <source_id> --yes
node {baseDir}/scripts/notebooklm.mjs share public --enableUse explicit user confirmation for delete, export, permission-change, and public-sharing commands.
The skill will run whatever `notebooklm` executable the environment resolves first.
The skill executes the external `notebooklm` CLI. This is expected for the stated wrapper purpose, but users should ensure the intended binary is installed on PATH.
const result = spawnSync("notebooklm", args, { stdio: "inherit" });Install the NotebookLM CLI from a trusted source and verify PATH order before use.
Agent actions may read or modify NotebookLM data under the logged-in account.
The skill expects the underlying CLI to be authenticated, so commands run with the user’s NotebookLM account authority. This is expected for the integration and no credential leakage is shown.
NotebookLM CLI authenticated (run `login` if needed).
Authenticate only the intended account and review sensitive account-changing commands before allowing execution.
Users must independently verify the external CLI they install and run.
The metadata does not declare the external `notebooklm` dependency or provide its source, even though SKILL.md requires it on PATH. This is an incomplete provenance signal rather than evidence of malicious behavior.
Source: unknown; Homepage: none; Install specifications: No install spec; Required binaries (all must exist): none
Document the trusted NotebookLM CLI source and declare required binaries in metadata.
Sensitive or incorrect content added to a notebook may persist and be reused in future NotebookLM interactions.
The skill can add and update persistent NotebookLM sources/notes and retrieve notebook history. This is normal NotebookLM behavior, but stored context may influence later answers.
node {baseDir}/scripts/notebooklm.mjs source add "Inline notes" --title "Meeting" --notebook <notebook_id>
node {baseDir}/scripts/notebooklm.mjs note save <note_id> --content "Updated notes"
node {baseDir}/scripts/notebooklm.mjs history --notebook <notebook_id> --limit 20Add only intended content to notebooks and periodically review sources, notes, and sharing settings.