NotebookLM MCP Login

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it creates and stores reusable Google session cookies through a debug-enabled browser, so it needs careful review before use.

Install only if you intentionally want this skill to create a reusable local NotebookLM login profile from your Google session. Run it on a trusted machine, avoid shared environments while the debug browser is open, close or kill Chromium afterward, protect or delete ~/.notebooklm-mcp-cli/profiles/default/ when no longer needed, and prefer a verified uv installation method over piping a remote script into the shell.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill invokes shell commands and performs network-relevant operations, but does not declare permissions or clearly scope those capabilities. That weakens review and consent boundaries, making it easier for a user or orchestrator to run a high-trust authentication workflow without understanding that it launches a browser, connects over CDP, and writes credential material to disk.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill handles Google authentication cookies, extracts them via CDP, and stores them on disk, but the description does not prominently warn that it is persisting reusable session credentials. In this context, that omission is dangerous because stolen or mishandled cookies may enable account access without re-entering credentials, and users may consent without realizing the sensitivity of the artifacts being created.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The script extracts live Google/NotebookLM authentication cookies and persists them to a local profile directory, effectively storing reusable session credentials on disk. Without explicit user warning, consent, and strong storage protections, compromise of the local account or profile path could allow session hijacking and unauthorized access to the user's NotebookLM account.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: Launching Chromium with a DevTools remote debugging port exposes a powerful local control interface that can inspect pages, extract cookies, and drive the browser session. In this skill, that interface is used specifically to harvest authentication material, so any local process able to reach port 9222 during the login window could potentially abuse it for credential theft or browser takeover.

External Script Fetching

Low

Category: Supply Chain
Content: which chromium-browser && which uv ``` If missing, install Chromium (`apt install chromium-browser`) and uv (`curl -LsSf https://astral.sh/uv/install.sh | sh`). ### 2. Run the login script
Confidence: 95% confidence
Finding: curl -LsSf https://astral.sh/uv/install.sh | sh

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal