NotebookLM Skill

Security checks across malware telemetry and agentic risk

Overview

This NotebookLM helper is coherent and not clearly malicious, but it needs review because it can expose notebooks, handle Google session access, and recommends broad local execution workarounds without enough warning.

Install only if you trust the external nlm CLI and NotebookLM MCP server. Use a dedicated Google profile where possible, avoid manually pasting raw cookies, require explicit confirmation before public sharing or collaborator invites, and do not use full-access sandbox mode or broad browser-kill commands unless you understand the local risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger description is overly broad and can cause the skill to activate in contexts that merely mention NotebookLM-related terms without actually requesting this toolset. Over-broad activation increases the chance an agent will apply powerful notebook, sharing, deletion, or authentication guidance in the wrong context.

Missing User Warnings

Medium
Confidence: 93%
Finding
The sharing section documents enabling public links and inviting collaborators without a prominent privacy warning or confirmation requirement. In a skill that automates notebook operations, this omission can lead users or agents to expose private notebook contents, sources, or generated artifacts unintentionally.

Missing User Warnings

Medium
Confidence: 93%
Finding
The workflow instructs users to enable public link sharing for a notebook but does not warn that anyone with the link may be able to access potentially sensitive notebook contents, sources, or generated artifacts. In an agent skill context, this omission is risky because an assistant could follow the workflow mechanically and expose private research, notes, or shared documents without prompting the user to consider privacy consequences.

VirusTotal

66/66 vendors flagged this skill as clean.
