ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

NotebookLM Content Creation (J-Claw)

v2.0.0

Create and monitor NotebookLM Studio content — Audio Overview, Video Overview, Infographics, and Slides — via the notebooklm-mcp-cli. Use when user wants to...

0· 40·0 current·0 all-time
bySkywalker326@skywalker-lili
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
SKILL.md explicitly requires the third‑party CLI 'notebooklm-mcp-cli' (nlm) and an authenticated session ('nlm login'), but the skill metadata lists no required binaries or primary credential. That mismatch makes the declared requirements inconsistent with the runtime instructions.
!
Instruction Scope
Instructions include commands to create notebooks and upload files (nlm source add --file <report_path> --wait) and specify a triggered mode that explicitly skips user confirmation. That allows the agent to read and upload arbitrary filesystem paths supplied by upstream triggers, which is broader than what the metadata declares and risks unintentional data exfiltration.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing will be written to disk by an installer. The only install requirement is an external CLI dependency noted in SKILL.md (not declared in metadata).
!
Credentials
The skill requests no environment variables or credentials in metadata but relies on an already-authenticated nlm CLI and reads/writes user paths (e.g., ~/ObsidianVault and arbitrary --file <report_path>). That lack of declared credentials combined with file access is disproportionate and opaque to reviewers.
!
Persistence & Privilege
always:false (good) and autonomous invocation is allowed by default. Combined with the triggered-mode auto-execution (which skips confirmation) this permits the agent to autonomously upload local files when invoked by upstream skills — increasing blast radius compared with an explicit-confirmation-only workflow.
What to consider before installing
Before installing, verify the nlm CLI requirement and that it runs in a controlled, authenticated environment. Confirm whether you trust upstream skills to provide file paths because the skill's 'triggered mode' will skip user confirmation and run nlm source add --file <report_path>, which can upload arbitrary local files. Ask the author to (1) declare the nlm CLI as a required binary in metadata, (2) require explicit user confirmation by default (or at least validate report_path against an allowlist), and (3) document exactly where artifacts are written. If you plan to use this in automation, test it in a sandbox with non-sensitive data and audit logs enabled.

Like a lobster shell, security has layers — review code before you run it.

latestvk9726mcwxndkynj33mgeacpawn83xa87

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments