NotebookLM Integration
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is coherent for NotebookLM automation, but it asks the agent to use an unofficial library with Google account access for Drive, notebook deletion, sharing, and exports without clearly declared credentials or safety boundaries.
Install only if you are comfortable giving an unofficial NotebookLM library access through your Google login. Use a non-sensitive or dedicated Google account if possible, review the package before installing, and require the agent to ask before deleting, sharing, exporting, or importing Drive/local documents.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may act through your Google account when creating, importing, exporting, or sharing NotebookLM content.
The skill requires Google account authentication, while the provided metadata declares no primary credential; the artifacts do not clearly bound which Google account access is used or how permissions are constrained.
Authentication: Uses your Google credentials - ensure you're logged in via browser auth flow
Use a dedicated Google account or limited-scope workspace when possible, and require explicit approval before any Drive, sharing, deletion, or export action.
A mistaken or overbroad invocation could delete notebooks, expose notebook contents to others, or create/export files in your Google account.
The documented workflows include destructive, sharing, and account-mutating actions, but the skill does not define approval gates, scope limits, or rollback guidance for those operations.
Create, list, rename, or delete NotebookLM notebooks ... Download all generated artifacts locally or export to Google Docs/Sheets ... Share notebooks with specific permissions and view level controls
Before using this skill, set a rule that the agent must ask for confirmation before deleting, sharing, exporting, or changing permissions.
You are trusting an external package to interact with your Google session and NotebookLM data.
The integration depends on an unofficial third-party package/repository and the instructions do not pin a version or provide reviewed code in the artifact set.
unofficial `notebooklm-py` Python library ... pip install notebooklm-py ... git clone https://github.com/teng-lin/notebooklm-py.git
Review the package source and pin a known-good version before installing, especially if using a sensitive Google account.
Private documents or untrusted web content may influence future NotebookLM answers and remain stored in the notebook.
The skill is designed to import external and local/Drive content into persistent notebooks used for later answers; that is expected for NotebookLM, but users should treat imported content as persistent context.
Import various source types (URLs, YouTube videos, PDFs, text files, Google Drive, etc.) ... Ask questions and chat with your notebooks using custom personas
Only import intended sources, separate sensitive projects into dedicated notebooks, and review sources before relying on generated answers.
