noteboklm

Security checks across malware telemetry and agentic risk

Overview

This is a coherent NotebookLM integration, but it gives broad Google account and sharing authority with loose activation and insufficient consent boundaries.

Install only if you are comfortable using an unofficial NotebookLM integration with a Google account. Use a low-risk or dedicated account where possible, verify the exact notebooklm-py package/version installed, and require manual approval before importing local or Drive files, running web research imports, exporting artifacts, saving notes, or changing sharing settings. Do not use it with confidential, regulated, or sensitive documents unless you intend that data to be processed and retained by NotebookLM/Google under that account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 95%
Finding:
The README advertises uploading URLs, PDFs, Drive content, audio/video/images, web research, exports, and sharing via an unofficial integration, but it does not clearly warn that user-provided content and metadata will be transmitted to Google services and possibly processed by undocumented APIs. In an agent context, this omission can mislead users into sending sensitive or regulated data to third parties without informed consent, increasing privacy, compliance, and data-governance risk.

Vague Triggers

Medium
Confidence: 88%
Finding:
The skill advertises activation on broad intents like creating podcasts, presentations, quizzes, and summarizing documents. Without stronger boundaries or disambiguation, an agent may invoke this skill for many ordinary requests and then proceed to use external services, authenticate, create notebooks, upload sources, or initiate networked actions the user did not explicitly request.

Vague Triggers

Medium
Confidence: 94%
Finding:
The intent detection section lists many generic research and content-creation requests but provides no exclusions, precedence rules, or negative examples. This increases the chance of accidental activation on common user prompts, causing unintended data transfer to NotebookLM or execution of account-scoped operations in a third-party service.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The sharing section documents commands that can make notebooks public, adjust visibility, and add collaborators, but it does not prominently warn about privacy, confidentiality, or irreversible exposure risks. If an agent follows these instructions casually, sensitive uploaded documents, notes, or chats could be exposed to external parties or broadly shared without informed user consent.

VirusTotal

63/63 vendors flagged this skill as clean.
