Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
noteboklm
v1.0.0Complete Google NotebookLM integration — add sources, ask questions, generate all Studio content (podcast, video, slide deck, quiz, flashcards, infographic,...
⭐ 0· 38·0 current·0 all-time
byNiyazi Sönmez@nikolayco
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md repeatedly instructs use of a 'notebooklm' CLI (create, source add, download, auth/login) and references the upstream library teng-lin/notebooklm-py, but the skill has no install spec, declares no required binaries, and requests no credentials. That is incoherent: a CLI-based integration normally must either bundle an installer or declare the binary dependency. README claims OpenClaw will install the library, but there is no concrete install mechanism here.
Instruction Scope
Runtime instructions direct the agent to run commands that read and write data (add local files like ./file.pdf, add Drive docs by ID, download artifacts to local filesystem, save notes), invoke interactive Google login, and manage sharing/permissions. Autonomy rules allow many mutating operations (create notebooks, add sources, ask) to run without user confirmation. The instructions thus permit access to local files and the user's Google Drive/account and the skill gives the agent discretion to import and export data — scope is broader than what the metadata declares and could enable unintended data movement.
Install Mechanism
This is an instruction-only skill (no install spec, no code files). That lowers some risk because nothing is written by the skill itself, but it also creates a gap: the SKILL.md and README expect an external 'notebooklm' CLI/library to exist (and README claims OpenClaw will install it) but no concrete, auditable install steps or trusted release URL are provided. Additionally the upstream library uses undocumented Google APIs (explicitly stated), which increases fragility and audit difficulty.
Credentials
The skill requests no environment variables or declared credentials, yet it instructs actions requiring Google account OAuth (login) and access to Drive and sources. While browser-based OAuth may be reasonable, the skill does not declare required OAuth scopes or warn about Drive permission use. The ability to add sources (including local files) and programmatically manage sharing/permissions is high-privilege relative to the lack of declared credentials and scope information.
Persistence & Privilege
always:false (expected) and the skill does not request system-wide config changes or other skills' settings. However, normal autonomous invocation combined with the skill's allowed 'autonomy rules' (create, source add, ask) could let an agent perform uploads/downloads and change NotebookLM content without prompting. This combination of autonomy and wide I/O access increases blast radius even though persistence flags themselves are not elevated.
What to consider before installing
This skill looks plausible as a NotebookLM CLI wrapper, but several things don't add up: there is no install spec for the required 'notebooklm' CLI, no declared OAuth scopes or credential requirements, and the instructions allow the agent to import local files and access Google Drive without clearly asking the user. Before installing or enabling this skill: (1) ask the publisher for a concrete install plan or a trusted upstream release URL (GitHub release) so you can audit what will be installed; (2) request the exact OAuth scopes and review them (especially Drive file read/write and sharing scopes); (3) require the skill to ask for confirmation before any source add/upload/download/share actions (change autonomy rules); (4) inspect teng-lin/notebooklm-py source code yourself or ask for a code review; and (5) avoid granting it access to sensitive local files or broad Drive permissions until you can verify origin and behavior. If you cannot verify who installs the binary or the OAuth scopes, treat this skill as high risk and do not enable it for autonomous use.Like a lobster shell, security has layers — review code before you run it.
latestvk97fc3fcpt33h8j6tqe4kzb7d583z2ee
License
MIT-0
Free to use, modify, and redistribute. No attribution required.