Security audit

Notebooklm

Security checks across malware telemetry and agentic risk

Overview

This NotebookLM automation skill is mostly purpose-aligned, but it asks for sensitive Google session access and allows broad NotebookLM actions with insufficient scoping and warnings.

Install only if you intentionally want an agent to control NotebookLM through an unofficial client. Use a dedicated low-privilege Google account or isolated browser profile, avoid primary-account cookies, review what files or Drive content will be imported, and require explicit confirmation before sharing, exporting, deleting, or uploading sensitive material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium (86% confidence)
Finding
The README instructs users to authenticate with a Google account for an unofficial client that uses undocumented Google APIs, but it does not disclose the privacy, account-security, or terms-of-service risks of doing so. This can mislead users into granting access to potentially sensitive notebooks and documents without informed consent, especially because the skill manages sources, exports, sharing, and artifact downloads programmatically.

Vague Triggers

Medium (88% confidence)
Finding
The top-level description includes very broad activation examples such as creating a podcast, presentation, quiz, or summarizing documents, which are common requests that could match many unrelated user intents. This can cause unintended routing into a powerful skill that can create notebooks, import sources, and interact with external services, increasing the chance of accidental data handling or side effects.

Vague Triggers

Medium (93% confidence)
Finding
The intent-detection list is ambiguous and lacks guardrails, using generic prompts like 'Analyze these documents' or 'Generate a quiz from my research' that overlap with many other skills or native assistant capabilities. In this skill's context, unintended activation is more dangerous because the skill supports authentication checks, source imports, web research, and notebook state changes against an external Google account.

Missing User Warnings

Medium (91% confidence)
Finding
The skill exposes commands to enable public sharing, change visibility, and grant user access, but does not warn that these actions may disclose notebook contents, sources, notes, and chats to external parties. Because NotebookLM notebooks may contain uploaded documents and research material, missing privacy warnings and confirmation requirements materially increase the risk of accidental data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.