Back to skill

Security audit

notebooklm-cli

Security checks across malware telemetry and agentic risk

Overview

This NotebookLM skill is mostly coherent, but its login flow uses Chrome session-cookie extraction without enough security, storage, or deletion detail.

Install only if you are comfortable letting this tool access authenticated Chrome session cookies for NotebookLM. Prefer using an isolated Chrome profile or test Google account, and verify where credentials are stored, whether they are protected, and how to delete them before using `nlm login`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documented authentication flow explicitly says it launches Chrome and extracts session cookies, which is a sensitive credential-handling mechanism. Even if intended for legitimate automation, using browser session-cookie extraction without any warning, scope limitation, storage/retention guidance, or consent language creates real risk of credential theft, session hijacking, or unsafe reuse of authenticated sessions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation explicitly states that `nlm login` authenticates by launching Chrome and extracting session cookies, but it provides no privacy or security warning about the sensitivity of browser session data. Cookie extraction is a high-trust action that can expose authenticated sessions if mishandled, so omitting a warning increases the chance of unsafe use or operator surprise.

Missing User Warnings

Low
Confidence
80% confidence
Finding
`nlm research import` imports discovered sources into a notebook, but the reference does not warn that this may pull external, potentially untrusted content into the workspace. While not an exploit by itself, lack of notice can lead users to ingest misleading, sensitive, or policy-violating material without review.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The workflow explicitly tells users to paste `nlm --ai` output into external AI assistants, but provides no warning to review or sanitize the content first. CLI-generated documentation can contain operational details, account/profile information, environment-specific examples, or other sensitive context that may be unnecessarily disclosed to third-party AI services, creating a data leakage risk.

YARA rule 'info_stealer': Information stealer patterns (credential harvesting, browser data theft) [malware]

High
Category
YARA Match
Content
nlm login
```

Launches Chrome, navigates to NotebookLM, and extracts session cookies. Requires Google Chrome installed.

### List Notebooks
Confidence
89% confidence
Finding
cookies. Requires Google Chrome

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.