Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
NotebookLM Skill
v1.0.1Use this skill to query your Google NotebookLM notebooks directly from Claude Code for source-grounded, citation-backed answers from Gemini. Browser automati...
⭐ 3· 1.6k·7 current·8 all-time
byDeheng Huang@magicseek
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to be an instruction-only NotebookLM helper but actually packages a large multi-file codebase (21+ scripts and helpers). That by itself is not malicious, but the registry metadata vs. included files is inconsistent. The feature set (browser automation, API wrapper, file uploads, Z-Library downloader) aligns with the README/SKILL.md, but the presence of a Z-Library download path and downloader module is unexpected for many users and raises legal/ethical concerns distinct from security.
Instruction Scope
Runtime instructions direct automatic creation of a .venv, pip/npm installs, launching an agent-browser daemon (headed browser) for Google login, and persisting auth tokens/cookies to data/*. The skill also supports folder sync and an upload-zlib command that will download from third-party sites. While these actions are relevant to NotebookLM integration, they require broad local file access, network downloads, and persistence of sensitive credentials—behaviors that deserve explicit user consent and review before execution.
Install Mechanism
There is no registry 'install' spec, but scripts/run.py auto-creates a virtualenv and runs pip/npm installs and browser installation steps. This means code and third-party packages will be fetched and executed locally (including Playwright/agent-browser assets). That is expected for browser-automation skills but increases risk compared to a pure instruction-only skill because remote packages and binaries will be downloaded and executed.
Credentials
The registry metadata lists no required environment variables, but the code/documentation accept and persist Google auth tokens and cookies (NOTEBOOKLM_AUTH_TOKEN, NOTEBOOKLM_COOKIES) and use settings like AGENT_BROWSER_OWNER_PID, TIMEOUT_SECONDS, proxy env vars. Persisting NotebookLM/Google tokens to data/auth/google.json is sensitive and proportionate for a client, but users should be aware the skill stores and can reuse credentials. The optional Z-Library auth and downloader further broaden required network access and credentials scope for certain features.
Persistence & Privilege
always:false (good). The skill runs a long-lived agent-browser daemon while in use and persists session/cookie/token files in data/ and data/agent_browser/storage_state.json. It does not appear to request elevated system-wide privileges or change other skills' configs, but the persisted credentials and daemon socket files create a longer-lived access surface that should be considered when granting the skill autonomous invocation.
What to consider before installing
This skill is functionally coherent as a NotebookLM integration, but it contains a real codebase (not just prose) that will auto-create a virtualenv, install Python/Node dependencies, launch a local browser daemon, persist Google auth tokens/cookies to disk, and can download from third-party sources (including a Z-Library downloader). Before installing: 1) Review the repository source (especially auth_manager.py, agent_browser integrations, and zlibrary/downloader.py). 2) Consider using a dedicated Google account for automation and do not commit the data/ directory. 3) If you are uncomfortable with automatic dependency installs or token persistence, run the code in a sandbox or inspect/modify run.py to control installs. 4) Be aware of legal/ethical issues around Z-Library downloads. 5) If you allow autonomous invocation, remember a malicious or buggy skill with persisted credentials and a long-lived daemon has broader impact—limit exposure accordingly.Like a lobster shell, security has layers — review code before you run it.
latestvk97184x0j5h9rzz99rk1ts0z2x81jem5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.