Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Notebooklm Integration

v1.0.1

Integrate Google NotebookLM capabilities into your workflow via the unofficial notebooklm-py library. Use when you need to: create/manage notebooks, import s...

byom yarewara@oki3505f
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (NotebookLM integration) match the instructions: installing/using notebooklm-py to create/manage notebooks, import sources, run queries, and generate artifacts. Required capabilities and commands shown in SKILL.md are consistent with that purpose.
Instruction Scope
SKILL.md stays within the NotebookLM domain: examples show creating notebooks, adding sources, running research, and exporting artifacts. It instructs users to authenticate with Google via a browser flow and to provide file paths or Drive IDs when importing. It does not instruct the agent to read unrelated system files or to exfiltrate data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill (no install spec). The doc recommends pip install notebooklm-py and references a GitHub repo (https://github.com/teng-lin/notebooklm-py). Installing a third‑party PyPI package or cloning a GitHub repo is common/expected, but pip installs execute arbitrary Python code from an external source — review the package/repo before installing.
Credentials
The skill declares no required env vars or credentials. However, it explicitly depends on your Google credentials (browser auth flow) and the library uses undocumented Google APIs. That is proportionate to the stated goal, but it does require granting the library access to Google account/Drive content — a meaningful privilege that users should consider.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and provides no install that writes persistent agent configuration. Autonomous invocation is allowed (platform default) but not combined with elevated privileges here.
Assessment
This skill appears to do what it says (it wraps the unofficial notebooklm-py client), but take precautions before installing or using it:
1) Review the notebooklm-py source code on GitHub and the PyPI package to ensure there are no unexpected network calls or credential handling.
2) Use a dedicated virtual environment and, if possible, a non-sensitive Google account or service account with least privileges when authenticating.
3) Be aware that the library uses undocumented Google APIs: it may break or behave unpredictably and could surface Drive or other private content to the library.
4) Prefer running the code in a sandbox and inspect network activity if you have concerns.
If you need stronger assurance, request an official NotebookLM/Google-supported client or additional transparency from the package maintainer.

Like a lobster shell, security has layers — review code before you run it.
