Notebooklm Skill Factory

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to build other skills, but it can upload user research to NotebookLM and install model-generated instructions into a persistent agent skills directory without clear approval boundaries.

Review this skill before installing if you plan to use confidential documents, private URLs, or internal videos as NotebookLM sources. Prefer running it in a scratch workspace, inspect the generated SKILL.md, and only move it into ~/.claude/skills after you approve the exact contents and target skill name.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The README explicitly says the skill will collect user-provided PDFs, URLs, and YouTube sources and upload/index them in NotebookLM, but it does not warn users that this may send potentially sensitive data to a third-party service. In a skill that automates source ingestion, this omission materially increases the chance of inadvertent disclosure of confidential documents, regulated data, or proprietary research.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill instructs writing generated content into the user's persistent skills directory without an explicit confirmation or warning about modifying local files. Because the content is derived from external sources and model output, this can install unreviewed instructions into a trusted agent environment and create lasting unsafe behavior.

Self-Modification

Severity: High
Category: Rogue Agent
Content:
   ```bash
   notebooklm ask "The SKILL.md generated earlier has this issue: {failure}. Based on the sources, rewrite it to fix this. Output complete corrected SKILL.md in a markdown code block." -n <id> --json
   ```
   - Parse again and overwrite SKILL.md
   - Re-test

4. **Repeat** until the skill passes a real usage test.
Confidence: 97%
Finding:
overwrite SKILL

Session Persistence

Severity: Medium
Category: Rogue Agent
Content:
### Phase 3: Install & Validate

1. **Create the skill directory:**
   ```bash
   mkdir -p ~/.claude/skills/{skill-name}
   ```
Confidence: 95%
Finding:
1. **Create the skill directory:**
   ```bash
   mkdir -p ~/.claude/skills/{skill-name}
   ```
2. **Write the SKILL.md:** Move the parsed output to `~/.claude/skills/{skill-name}/SKILL.md`
3. **Run sk

VirusTotal

65/65 vendors flagged this skill as clean.
