Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
NotebookLM API
v0.3.2
Complete API for Google NotebookLM - full programmatic access including features not in the web UI. Create notebooks, add sources, generate all artifact type...
by @lmanchu
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description claim a NotebookLM API and the SKILL.md instructs installing a notebooklm CLI client and using Google OAuth—this is consistent. One oddity: SKILL.md tells the user to “install the Claude Code skill” after installing the client; that dependency is not explained in the registry metadata and is unexpected but may be an integration step.
Instruction Scope
The instructions reference reading/writing ~/.notebooklm (context.json), configuring NOTEBOOKLM_HOME, and using NOTEBOOKLM_AUTH_JSON (inline auth JSON). They list many commands that the agent may run automatically, including `notebooklm source add` (which can add/upload files or URLs) and `notebooklm create`. Allowing those to run without confirmation gives the agent the ability to read local files and upload them to NotebookLM; the SKILL.md also advises storing auth tokens / storage_state.json contents in an env var. These behaviors are within the claimed purpose but expand scope to accessing local files and persistent credentials.
Install Mechanism
This is an instruction-only skill; no install spec in the registry. The SKILL.md recommends installing from PyPI or a specific GitHub release tag and explicitly warns against using main—both reasonable and lower-risk than arbitrary downloads.
Credentials
Registry metadata shows no required env vars, but SKILL.md documents NOTEBOOKLM_HOME and NOTEBOOKLM_AUTH_JSON (sensitive) as important for CI and non-interactive auth. The skill should have declared these env vars and indicated that auth JSON contains tokens (storage_state.json). Asking for inline auth JSON without declaring it is a mismatch and a potential secret-handling risk.
Persistence & Privilege
The CLI writes persistent state to ~/.notebooklm and a context.json file; the SKILL.md warns about context collisions and recommends per-agent isolation. More concerning: the skill's autonomy rules permit many commands to run automatically (including adding sources), which may cause the agent to read/upload local files and persist auth context without explicit user confirmation. The skill is not marked always:true and doesn't change other skills, but its allowed automatic actions grant it broad file and network interactions.
What to consider before installing
This skill appears to be a wrapper/guide for a NotebookLM CLI client and is not obviously malicious, but it has several mismatches and privacy risks you should consider before installing:
1) The SKILL.md references sensitive env vars (NOTEBOOKLM_AUTH_JSON) and a config directory (~/.notebooklm) but the registry metadata declares none—expect to provide and protect auth tokens (storage_state.json-like data).
2) The instructions allow the agent to run commands automatically (including `source add` and `create`) that can read local files and upload them; if you install, restrict automatic actions or require confirmations for any file uploads.
3) Use isolation: set NOTEBOOKLM_HOME to a dedicated directory (or /tmp/agent-$ID) when experimenting and do not expose auth JSON in plaintext in shared CI without secret management.
4) Verify the pip package source (use PyPI or a specific GitHub release tag as recommended) and inspect what `notebooklm skill install` does (it references a separate “Claude Code” skill).
If you need stronger assurances, request the upstream package repository, the exact commands `notebooklm skill install` runs, or a declared list of env vars in the registry before proceeding.
Like a lobster shell, security has layers — review code before you run it.
