ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

NotebookLM MCP Login

v1.0.0

Login to Google NotebookLM via Chrome DevTools Protocol and save auth cookies for notebooklm-mcp. Use when user asks to login, authenticate, or re-authentica...

0· 71·0 current·0 all-time
by@ou-rock
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the included script and instructions. Required binaries (chromium-browser and uv) and the script's behavior (launch Chrome with remote debugging, use CDP to extract cookies, save to ~/.notebooklm-mcp-cli) are appropriate for a NotebookLM MCP login helper.
Instruction Scope
SKILL.md and the script only instruct the agent/user to start Chromium, wait for interactive Google login, query the local CDP endpoint, and save cookies locally. The script accesses only localhost CDP and the user's notebooklm profile paths; it does not call external endpoints other than localhost and does not read unrelated system files or credentials.
Install Mechanism
There is no network install step in the skill package. The script is bundled with the skill (no downloads or archive extraction). SKILL.md suggests installing missing tools (apt for Chromium, an external installer for uv), which is reasonable and not part of the skill itself.
Credentials
The skill requests no environment variables or credentials. It writes cookies and metadata to the notebooklm-mcp CLI profile directory, which is expected for an authentication helper. No unrelated secrets or external service credentials are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent settings, and its only persistent effect is saving auth profile files under the user's notebooklm-mcp CLI profile directory — consistent with its purpose.
Assessment
This skill will open Chromium on your machine, prompt you to sign in to your Google account, then extract and save the resulting auth cookies to ~/.notebooklm-mcp-cli/profiles/default/. Before running it: (1) verify you trust the machine and environment because saved cookies grant access to your NotebookLM account; (2) ensure notebooklm-mcp-cli (uv tool) and any Python dependencies (the script imports httpx and notebooklm_tools) are installed; (3) inspect the script if you have concerns — it only talks to localhost:9222 and writes to local profile files and does not send cookies to remote servers. If you are unsure, run it in an isolated or VM environment.

Like a lobster shell, security has layers — review code before you run it.

authvk97cvy9963kwmkegbtqc87dzzx83a1cmgooglevk97cvy9963kwmkegbtqc87dzzx83a1cmlatestvk97cvy9963kwmkegbtqc87dzzx83a1cmmcpvk97cvy9963kwmkegbtqc87dzzx83a1cmnotebooklmvk97cvy9963kwmkegbtqc87dzzx83a1cm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binschromium-browser, uv

Comments