notebooklm-lore
PassAudited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill Name: notebooklm-lore Version: 0.1.1 The skill bundle provides a standard wrapper for installing and configuring the 'Lore' NotebookLM automation toolkit. The instructions in SKILL.md explicitly direct the agent to avoid automating sensitive login processes and warn against exfiltrating or committing session data (e.g., storage_state.json). The installation steps using pip, Playwright, and uvx are consistent with the tool's documented purpose, and no malicious patterns or harmful prompt injections were detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The code that actually runs may change outside this skill and was not available for review in this artifact set.
The skill delegates installation and runtime behavior to external GitHub/Python package sources that are not bundled or pinned in the reviewed artifacts.
Repo: https://github.com/prantikmedhi/lore ... Clone or update the repo. ... pip install -e . ... uvx ... --from notebooklm-skill
Inspect the Lore repository and MCP package before use, prefer pinned versions or commits, and install in a virtual environment.
After login, the local tool and MCP server may be able to access or act within the user's NotebookLM account.
The integration depends on a user-authenticated NotebookLM session, which grants account-level access to the installed tooling, although the instructions keep login user-directed and warn against exposing session data.
NotebookLM auth is interactive. The agent must ask the user to run: python3 -m notebooklm login ... Do not print, copy, or commit any auth/session state.
Only authenticate accounts you intend the tool to use, avoid sharing session files, and revoke or clear the session if you no longer trust the installation.
Once configured, the agent may send requests through the MCP server that interact with NotebookLM and related data.
The skill instructs enabling an MCP server, which can expose NotebookLM-related operations to the agent through an additional tool boundary.
Use the repo’s `.mcp.json` (preferred) or add an equivalent MCP server entry ... "command": "uvx", "args": ["--from", "notebooklm-skill", "notebooklm-mcp"]
Enable the MCP server only when needed, review the MCP server package, and understand which NotebookLM operations it exposes.