X To Notebooklm
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its stated purpose, but its script builds shell commands from user-controlled inputs, which could let a crafted URL or option run local commands.
Review before installing. If you use it anyway, only pass simple trusted URLs and notebook values, verify the NotebookLM CLI dependency and authenticated account, and delete temporary files after use. The safest path is to wait for a version that removes shell-string execution and uses safe argument handling.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted URL, notebook name, notebook ID, or related environment value could run arbitrary commands on the user's machine when the skill is invoked.
The script executes shell command strings and inserts values derived from command-line or environment inputs. Quoting with double quotes is not sufficient protection against shell metacharacters or command substitution.
const output = execSync(command, { ... });
const result = execCommand(`curl -s "${jinaUrl}"`, timeout);
`node "${NOTEBOOKLM_CLI_PATH}" create "${notebookName}" --json`
Replace execSync(command string) with fetch for web requests and execFile/spawn argument arrays for CLI calls; validate URLs and notebook identifiers; reject shell metacharacters; avoid running this version on untrusted input.
The skill can add notebooks and sources to the Google/NotebookLM account currently authenticated in the NotebookLM CLI.
The skill relies on an authenticated NotebookLM account and performs account mutations by creating notebooks and uploading sources. This is purpose-aligned and disclosed, but it is still delegated account authority.
NotebookLM CLI - Installed and authenticated (run `notebooklm login` to authenticate) ... Create Notebook - Automatically create a new NotebookLM Notebook ... Upload Article
Use the intended NotebookLM account, prefer an explicit existing notebook ID when possible, and review the content before uploading.
The behavior also depends on whatever local NotebookLM CLI file exists at the default path or is supplied through the NOTEBOOKLM_CLI_PATH environment variable.
The script executes a separate local NotebookLM CLI skill that is not included in this package or installed by an install spec. The dependency is disclosed, but its provenance and version are outside this artifact set.
const NOTEBOOKLM_CLI_PATH = process.env.NOTEBOOKLM_CLI_PATH || `${process.env.HOME}/.openclaw/skills/tiangong-notebooklm-cli/scripts/notebooklm.mjs`;
Verify and install the NotebookLM CLI from a trusted source, pin or declare the dependency, and avoid overriding NOTEBOOKLM_CLI_PATH unless you trust the target file.
Uploaded article text may remain on the local system until manually deleted or cleaned by the operating system.
Fetched article content is written to a temporary file, and the shown success path returns after logging the path while cleanup appears only in the error path.
writeFileSync(filepath, content, 'utf-8'); ... console.log(`📄 临时文件:${tempFile}`); return { sourceId, tempFile }; } catch (error) { ... unlinkSync(tempFile); }
Do not use sensitive/private content unless you are comfortable with a local temporary copy, and update the script to delete the temp file after successful upload.
