v0.1.1

NotebookLM CLI

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:55 AM.

Analysis

The skill is a transparent NotebookLM CLI wrapper, but it gives an agent broad authenticated account-changing powers such as deletion and public sharing.

GuidanceReview before installing if you allow agents to act autonomously. Only use it with a trusted `notebooklm` CLI and the intended NotebookLM account, and require explicit confirmation for delete, public-share, editor-share, export, or other account-changing commands.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

references/cli-commands.md

node {baseDir}/scripts/notebooklm.mjs delete --notebook <notebook_id> --yes
node {baseDir}/scripts/notebooklm.mjs share add user@example.com --permission editor
node {baseDir}/scripts/notebooklm.mjs share public --enable

The documented workflow exposes destructive no-confirm deletion and public/editor sharing through the agent-invocable wrapper, without explicit approval or safety-scoping guidance.

User impactAn agent using this skill could delete NotebookLM content or expose a notebook to other people if it runs these commands in the authenticated account.

RecommendationRequire explicit user confirmation before delete, `--yes`, public sharing, or editor-sharing commands; consider limiting the wrapper to safer read/chat/list operations unless mutation is specifically requested.

Unexpected Code Execution

SeverityLowConfidenceHighStatusNote

scripts/notebooklm.mjs

const result = spawnSync("notebooklm", args, { stdio: "inherit" });

The script executes a local CLI binary with pass-through arguments. This is expected for a CLI wrapper, but it means the skill’s behavior depends on the local `notebooklm` executable.

User impactIf the wrong or untrusted `notebooklm` binary is on PATH, the wrapper will run it.

RecommendationVerify the installed `notebooklm` CLI source and PATH ordering before using the skill.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

metadata

Source: unknown
Homepage: none

The registry metadata does not provide provenance or a homepage for the skill, while the skill relies on an external local CLI dependency.

User impactUsers have less provenance information for verifying the skill and the expected CLI setup.

RecommendationInstall the NotebookLM CLI only from a trusted source and verify this skill’s publisher/source before granting it access to an authenticated account.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

SKILL.md

- NotebookLM CLI authenticated (run `login` if needed).

The skill depends on a local authenticated NotebookLM session, so commands run with the user’s NotebookLM account privileges.

User impactActions are performed as the logged-in NotebookLM user and may affect that user’s notebooks, sources, notes, artifacts, and sharing settings.

RecommendationUse a dedicated or least-privileged account where possible, confirm the active account with `status`, and avoid running account-changing commands unless the user explicitly asks.