Security checks across malware telemetry and agentic risk
The skill is mostly aligned with querying NotebookLM, but it needs Review because it forwards raw Telegram commands to a CLI and ships privileged VPS setup scripts that handle reusable Google session cookies.
Install only in a controlled environment where you trust both the VPS and everyone who can send `/nlm` commands. Review the bootstrap before running it with sudo, avoid broad Telegram command access, restrict use to read-only NotebookLM queries where possible, and be prepared to rotate or revoke the copied Google/NotebookLM cookies.
fi } require_sudo echo "[1/7] Installing OS packages (jq, pipx, python tooling)..." sudo apt-get update -y
require_sudo echo "[1/7] Installing OS packages (jq, pipx, python tooling)..." sudo apt-get update -y sudo apt-get install -y jq python3-pip python3-venv pipx echo "[2/7] Installing notebooklm-mcp-cli (nlm)..."
echo "[3/7] Installing ClawHub CLI (clawhub) if missing..."
if ! command -v clawhub >/dev/null 2>&1; then
if command -v npm >/dev/null 2>&1; then
sudo npm i -g clawhub
elif command -v pnpm >/dev/null 2>&1; then
sudo pnpm add -g clawhub
elseif command -v npm >/dev/null 2>&1; then
sudo npm i -g clawhub
elif command -v pnpm >/dev/null 2>&1; then
sudo pnpm add -g clawhub
else
echo "Error: clawhub is missing and neither npm nor pnpm is available." >&2
echo "Install one of them, then run: npm i -g clawhub (or pnpm add -g clawhub)" >&2echo "OK: injected NotebookLM auth into ${PROFILE_DIR}"
EOF
sudo mv /tmp/notebooklm-auth-inject.sh "${INJECT_BIN}"
sudo chown "${TARGET_USER}":"${TARGET_USER}" "${INJECT_BIN}"
sudo chmod 0755 "${INJECT_BIN}"echo "[7/7] Setting up systemd integration (optional)..."
sudo mkdir -p /etc/openclaw
sudo touch "${AUTH_FILE}"
sudo chown root:root "${AUTH_FILE}"echo "[7/7] Setting up systemd integration (optional)..."
sudo mkdir -p /etc/openclaw
sudo touch "${AUTH_FILE}"
sudo chown root:root "${AUTH_FILE}"
if ! getent group openclaw >/dev/null 2>&1; thensudo mkdir -p /etc/openclaw
sudo touch "${AUTH_FILE}"
sudo chown root:root "${AUTH_FILE}"
if ! getent group openclaw >/dev/null 2>&1; then
sudo groupadd openclawsudo chown root:root "${AUTH_FILE}"
if ! getent group openclaw >/dev/null 2>&1; then
sudo groupadd openclaw
fi
sudo usermod -aG openclaw "${TARGET_USER}" || true
sudo chgrp openclaw "${AUTH_FILE}"fi
sudo usermod -aG openclaw "${TARGET_USER}" || true
sudo chgrp openclaw "${AUTH_FILE}"
sudo chmod 0640 "${AUTH_FILE}"
if [[ -n "${OPENCLOW_SERVICE}" ]]; then
sudo mkdir -p "/etc/systemd/system/${OPENCLOW_SERVICE}.d"Environment=NOTEBOOKLM_AUTH_FILE=${AUTH_FILE}
ExecStartPre=${INJECT_BIN}
EOF
sudo mv "/tmp/notebooklm-dropin.conf" "/etc/systemd/system/${OPENCLOW_SERVICE}.d/notebooklm.conf"
sudo systemctl daemon-reload
echo "Installed systemd drop-in: /etc/systemd/system/${OPENCLOW_SERVICE}.d/notebooklm.conf"
echo "Restarting service: ${OPENCLOW_SERVICE}"ExecStartPre=${INJECT_BIN}
EOF
sudo mv "/tmp/notebooklm-dropin.conf" "/etc/systemd/system/${OPENCLOW_SERVICE}.d/notebooklm.conf"
sudo systemctl daemon-reload
echo "Installed systemd drop-in: /etc/systemd/system/${OPENCLOW_SERVICE}.d/notebooklm.conf"
echo "Restarting service: ${OPENCLOW_SERVICE}"
sudo systemctl restart "${OPENCLOW_SERVICE}" || truesudo systemctl daemon-reload
echo "Installed systemd drop-in: /etc/systemd/system/${OPENCLOW_SERVICE}.d/notebooklm.conf"
echo "Restarting service: ${OPENCLOW_SERVICE}"
sudo systemctl restart "${OPENCLOW_SERVICE}" || true
else
echo "No --service provided. Skipping systemd drop-in."
fifi
sudo usermod -aG openclaw "${TARGET_USER}" || true
sudo chgrp openclaw "${AUTH_FILE}"
sudo chmod 0640 "${AUTH_FILE}"
if [[ -n "${OPENCLOW_SERVICE}" ]]; then
sudo mkdir -p "/etc/systemd/system/${OPENCLOW_SERVICE}.d"- metadata.json
```
Create one JSON file named `notebooklm-auth.json`:
```json
{59/59 vendors flagged this skill as clean.