ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Deep Research → NotebookLM Orchestrator

v1.0.0

End-to-end orchestration: Deep Research → NotebookLM content generation. Chains gemini-deep-research and notebooklm-content-creation skills. Supports choosin...

0· 39·0 current·0 all-time
bySkywalker326@skywalker-lili
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to orchestrate gemini-deep-research → notebooklm-content-creation, which is reasonable. However the runtime instructions require additional tooling (openclaw CLI, node, python3, and the gemini extension under $HOME/.gemini) and make assumptions about the filesystem user (e.g., /home/node/ObsidianVault). None of these binaries, paths, or credentials are declared in the skill metadata, so required capabilities are under-specified and potentially incompatible with typical agent environments.
!
Instruction Scope
SKILL.md tells the agent to create /tmp task directories and write/execute shell scripts that poll services, notify via Discord, trigger the agent via 'openclaw agent', and save/download artifacts to ~/ObsidianVault. It also embeds a placeholder CHAT_ID to be injected. These instructions read/write local files, call external CLIs, and send messages — scope goes beyond a simple high-level orchestration note and prescribes concrete filesystem and network actions that are not declared or sandboxed.
Install Mechanism
No install spec (instruction-only), which is lower-risk in that nothing is pre-downloaded by an installer. However, the instructions explicitly create and execute scripts and expect installed components (node, gemini extension, openclaw CLI). Because the skill writes executable scripts to disk and expects to run them, the lack of an install manifest that documents prerequisites is a meaningful omission.
!
Credentials
The runtime expects access to Discord channel IDs/tokens via openclaw CLI, the gemini-deep-research extension files ($HOME/.gemini/extensions/gemini-deep-research), and ability to write into user home directories (e.g., /home/node/ObsidianVault). The skill declares no required environment variables, binaries, or config paths to justify these accesses. That mismatch means the skill may silently fail or — worse — attempt network/credentialed actions without the user explicitly consenting or knowing which secrets are used.
!
Persistence & Privilege
The instructions create persistent artifacts (task directories and polling scripts) and urge background polling that triggers agent invocations. While the skill is not marked always:true, it prescribes creating long-running or recurring processes that can persist on disk and re-trigger the agent; that increases blast radius and should be explicitly declared and consented to.
What to consider before installing
This skill is an orchestration recipe but its SKILL.md assumes many local tools, credentials, and filesystem locations that are not declared in the metadata. Before installing or enabling it, verify the following: (1) Do you have the gemini-deep-research and notebooklm-content-creation skills/extensions installed and where exactly (the script expects $HOME/.gemini/extensions/...)? (2) Is the openclaw CLI installed and configured to send Discord messages and trigger agents? If not, the scripts will fail or may attempt to perform networked actions once provided credentials. (3) Are you comfortable with the skill writing executable scripts to /tmp and to your home (~/ObsidianVault) and running background polling for up to 40 minutes per artifact? (4) Confirm which user account the agent runs as (the doc references /home/node) and whether that account has access to the intended folders. (5) Ideally ask the skill author to: a) declare required binaries and env vars (openclaw, node, python3, any Discord tokens), b) avoid hard-coded home paths or make saves opt-in with explicit path confirmation, and c) remove or clearly document background-polling scripts and agent triggers so you can decide whether to run them manually or in a sandbox. If you cannot verify these points, treat the skill cautiously or run it in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk979bry94xehasxyw440319yjh83xdg0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments