Nlm Cli

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a transparent wrapper for the NotebookLM CLI, but it can use your Google/NotebookLM session and perform account-changing actions such as uploads, deletes, sharing, and MCP setup.

Before installing, verify that you trust the external `notebooklm-mcp-cli` package and intend to let it use your NotebookLM/Google session. Check the active profile before running commands, and require explicit confirmation for deletes, public sharing, editor invites, source imports, and MCP setup.

Static analysis

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run on the wrong notebook or account, the agent could delete content, make a notebook public, or invite another user with editor access.

Why it was flagged

The command catalog exposes destructive and sharing operations against NotebookLM. These are aligned with the stated purpose and are documented, but they can materially change or expose user content.

Skill content

node {baseDir}/scripts/nlm.mjs notebook delete <id> --confirm
node {baseDir}/scripts/nlm.mjs share public <notebook>
node {baseDir}/scripts/nlm.mjs share invite <notebook> email@example.com --role editor

Recommendation

Use these commands only after explicit user confirmation, and verify notebook IDs, email addresses, and sharing settings before execution.

What this means

NotebookLM actions may run under the wrong Google account if the active profile is not checked.

Why it was flagged

The skill uses authenticated NotebookLM/Google browser sessions and profiles. This is expected for NotebookLM automation, but it gives the CLI authority to act as the active account.

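Skill content

node {baseDir}/scripts/nlm.mjs login --provider openclaw --cdp-url http://127.0.0.1:18800
...
Each profile is an independent browser session, so multiple Google accounts can be kept at the same time
The current default profile determines which account NotebookLM operations actually use

Recommendation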

Use a dedicated profile where possible, run login/profile checks before important actions, and confirm the active Google account before mutating or sharing content.

What this means

Trust in the installed `notebooklm-mcp-cli` package is necessary because it handles NotebookLM operations and authentication.

Why it was flagged

The skill delegates most behavior to an external, unpinned third-party CLI package installed from the package ecosystem. This is central to the skill, but the external package code is not part of the provided artifacts.

Skill content

uv tool install notebooklm-mcp-cli
...
pip install notebooklm-mcp-cli

Recommendation

Install from a trusted package source, verify the package maintainer and version, and consider pinning a known-good version.

What this means

Sensitive or incorrect sources could persist in a notebook and influence later answers or generated artifacts.

Why it was flagged

The skill can add selected files or Drive documents as NotebookLM sources and configure notebook chat behavior. This is purpose-aligned, but it creates persistent context that may affect future NotebookLM responses.

Skill content

node {baseDir}/scripts/nlm.mjs source add <notebook> --file document.pdf --wait
node {baseDir}/scripts/nlm.mjs source add <notebook> --drive <doc-id>
node {baseDir}/scripts/nlm.mjs chat configure <notebook> --goal custom --prompt "You are an expert..."

Recommendation

Add only intended sources, review notebook contents periodically, and remove stale or sensitive sources when they are no longer needed.

What this means

Other configured AI tools may gain the ability to interact with NotebookLM through the same account context.

Why it was flagged

The skill can configure NotebookLM MCP access for other AI tools. This is documented and optional, but it extends NotebookLM access across tool boundaries.

Skill content

When you need to configure the NotebookLM MCP server for other AI tools, use `setup`:
...
node {baseDir}/scripts/nlm.mjs setup add claude-code
node {baseDir}/scripts/nlm.mjs setup add gemini
node {baseDir}/scripts/nlm.mjs setup add cursor

Recommendation

Only configure MCP access for trusted tools and review the resulting tool configuration and account profile.