NotebookLM Content Creation
v1.0.0Create and monitor NotebookLM Studio content — Audio Overview, Video Overview, Infographics, and Slides — via the notebooklm-mcp-cli. Use when user wants to...
⭐ 0· 74·0 current·0 all-time
bySkywalker326@skywalker-lili
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description match the runtime instructions: all actions are calls to the notebooklm-mcp-cli (nlm) to list notebooks, create artifacts, check status, download artifacts, etc. There are no unrelated binaries or credentials requested in the registry metadata; the commands the skill runs are coherent with content-creation and monitoring.
Instruction Scope
The SKILL.md tells the agent to create task directories under /tmp and (by default) write output into a user home path (~/ObsidianVault/...). It instructs launching a background poller via nohup that will run for up to ~40 minutes, and to create logs and task.json files. The instructions also rely on an already-authenticated nlm CLI (nlm login done on the server). The doc is concrete about commands, but omits the exact notification mechanism and assumes CLI auth exists; it also uses fragile parsing (grep/sed) for JSON, which is implementation-brittle but not inherently malicious.
Install Mechanism
This is an instruction-only skill with no install spec (low risk). The SKILL.md tells the user/agent to ensure notebooklm-mcp-cli is installed (example: `uv tool install notebooklm-mcp-cli`). Because no automated install is provided, nothing will be written by the skill bundle itself — however, the suggested installer (uv tool) is external and not declared in metadata; verify that install command and source before running.
Credentials
The registry metadata declares no required env vars or credentials, which matches the bundle. However, the runtime assumes an already-authenticated nlm CLI on the host. That means the agent will act with whatever identity/permissions are present in that nlm session — confirm which account is logged in and what data that account can access. No unrelated secrets are requested.
Persistence & Privilege
The skill instructs the agent to launch a background polling script (nohup ... &), write logs and task artifacts to /tmp, and optionally write outputs to user directories. It does not set always:true and does not modify other skills. Background processes and file writes are proportionate for a monitoring task but are persistent on the host for the poll duration; review/approve this behavior before allowing autonomous invocation.
Assessment
This skill appears to do what it says, but before installing or running it: 1) Verify the host has the notebooklm-mcp-cli installed from a trusted source (the SKILL.md's `uv tool install` suggestion is not validated by the registry). 2) Check which account is authenticated via `nlm login` on the host — the skill will act with that account's privileges and could upload or download notebook data. 3) Be aware it will create files under /tmp and may write outputs to your home (default: ~/ObsidianVault/...); change the output path if you don't want that. 4) Inspect the polling script (poll.sh) before running to ensure it only calls nlm and writes local logs (no unexpected network/exfiltration steps). 5) If you prefer tighter control, run these commands interactively or in a sandbox rather than allowing autonomous/background execution.Like a lobster shell, security has layers — review code before you run it.
latestvk9742367kg5nmhanwsxff7qg5183mbgx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.