NotebookLM Content Creation (J-Claw)

Security checks across malware telemetry and agentic risk

Overview

This skill fits its NotebookLM automation purpose, but it can upload local files and run background notifications without enough per-run user control.

Review before installing. Use it only if you trust the NotebookLM account, the upstream skills that may trigger it, and the Discord/OpenClaw messaging path. Confirm the exact local file path, notebook name, content type, and output destination before any upload or background run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 86%
Finding
The skill embeds a direct outbound messaging capability (`openclaw message send`) inside a background script, which expands its behavior beyond NotebookLM content generation into autonomous cross-channel notification. That creates an unnecessary data egress path tied to chat metadata and can leak task status or notebook names to Discord without an explicit user opt-in at execution time.

Intent-Code Divergence

High
Confidence: 96%
Finding
The script is documented as generic for audio, video, infographics, and slides, but it always executes `nlm download audio` and sends podcast-specific completion messages. In practice, this can download the wrong artifact type, mis-handle outputs, and cause users or upstream automation to trust incorrect results, which is dangerous when the skill runs autonomously in triggered mode.

Vague Triggers

Medium
Confidence: 79%
Finding
The trigger list includes broad natural-language phrases such as generic content-creation requests, increasing the chance that the skill activates when the user did not intend to invoke NotebookLM automation. Because the skill can create notebooks, upload sources, and start long-running background jobs, unintended invocation can lead to surprising actions on user data.

Missing User Warnings

Medium
Confidence: 93%
Finding
Triggered mode instructs the agent to create a notebook and upload a local file automatically whenever parameters are present, skipping a user-facing confirmation. That can exfiltrate local documents into NotebookLM or perform unintended state changes based on upstream skill chaining or malformed inputs, making this especially risky in a multi-skill environment.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill launches a background process that later sends notifications to Discord using the current chat ID, but this outbound communication behavior is not clearly disclosed in the skill description. Hidden notification flows are privacy-relevant because they transmit notebook/task metadata to an external channel without a fresh runtime consent checkpoint.

VirusTotal

65/65 vendors flagged this skill as clean.
