NotebookLM Skill
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s NotebookLM purpose is coherent, but it stores Google session cookies/tokens and runs a persistent browser/dependency setup that is not reflected in the registry’s declared credentials or requirements.
Review this skill before installing if you are uncomfortable with persistent Google session cookies, local browser automation, or first-run dependency installation. Prefer a dedicated Google account, avoid uploading sensitive folders by mistake, and clear the skill’s data/auth files when you no longer need it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using the skill can leave Google NotebookLM session material on disk; if those files are exposed, someone may be able to use the associated NotebookLM session.
This shows the skill handles sensitive Google session credentials. The registry metadata declares no primary credential and no env vars, so the credential/session authority is under-disclosed to installers.
NotebookLM API credentials (token + cookie header) are persisted to `data/auth/google.json` on demand, or supplied via environment variables.
Use a dedicated Google account if possible, restrict permissions on the skill data directory, review the source before logging in, and clear auth data when you are done.
A local browser automation session may remain usable after a command finishes, and cached browser state can persist until cleaned up.
The skill intentionally keeps an authenticated browser session available across commands and restarts. This is purpose-aligned, but users should notice the persistence.
The daemon keeps cookies/storage in memory for subsequent commands. Cookies and local storage are cached to `data/agent_browser/storage_state.json` for reuse after daemon restarts.
Stop the daemon and clear cached auth state when finished, especially on shared machines.
Running the skill may install local dependencies before executing the requested command.
The skill bootstraps dependencies during normal use even though the registry reports no install spec. This is disclosed and purpose-aligned, but it expands what happens on first invocation.
First run creates `.venv` and installs Python/Node.js dependencies
Install from a trusted source, inspect dependency files where available, and run the first setup in an environment you are comfortable modifying.
A mistaken command could upload the wrong local files or delete NotebookLM content.
The skill exposes Google NotebookLM mutation and upload operations. These are consistent with notebook management, but they can change or remove account data.
`delete [--id ID]` | Delete a notebook ... `upload <folder>` | Sync a folder of files to NotebookLM ... `source-delete <source-id>` | Delete a source
Confirm notebook IDs and target folders before running upload or delete commands, and use dry-run options for folder sync where possible.