Back to skill
Skillv0.1.4
VirusTotal security
NotebookLM CLI Cookies · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:45 AM
- Hash
- 32b63158c89d142cfe4e17062fa1e7ebf10a876abf48749fbd5da202b2f8710d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: notebooklm-cli-cookies Version: 0.1.4 The skill is classified as suspicious due to a significant command injection vulnerability identified in `SKILL.md`. The instructions explicitly tell the AI agent to "Always execute exactly: `nlm <args>` via Exec" where `<args>` are derived from user input (e.g., Telegram `/nlm ...`). This allows an attacker to potentially inject arbitrary shell commands, leading to Remote Code Execution (RCE). While the `scripts/aws-inject-notebooklm-auth.sh` and `scripts/bootstrap_vps_systemd_one_liner.sh` handle sensitive authentication data and perform system-level modifications (including systemd persistence), these actions appear to be aligned with the stated purpose of installing and configuring the NotebookLM CLI skill, and do not show clear malicious intent like unauthorized exfiltration or backdoors.
- External report
- View on VirusTotal