Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Anything To Notebooklm

v1.0.0

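Multi-source intelligent content processor: supports WeChat official accounts, web pages, YouTube, PDF, Markdown, and more; automatically uploads to NotebookLM and generates podcasts, PPT slides, mind maps, and other formats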

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md, README, and scripts consistently describe using markitdown for conversions, the notebooklm CLI for uploading/generation, and an external MCP (wexin-read-mcp) for Weixin scraping — these are coherent with the stated purpose. However the skill metadata declares no required binaries or env vars, while the instructions and install scripts clearly expect notebooklm, markitdown, Playwright, and the MCP server; that mismatch (metadata says 'none' but runtime requires several CLIs/libs) is an inconsistency the user should note.
Instruction Scope
Runtime instructions ask you to run/clone a local MCP server that the docs explicitly describe as '绕过反爬虫' (bypass anti-scraping). They also instruct adding an MCP entry into ~/.claude/config.json so the agent can start that server. The skill uploads arbitrary local files and URLs to NotebookLM (an external service) which could leak sensitive data if used carelessly. The workflow is powerful and potentially privacy-sensitive; the MCP bypass behavior is an ethical/legal flag to review.
Install Mechanism
No packaged install spec in registry, but install.sh clones a third-party GitHub repo (Bwkyd/wexin-read-mcp) and pip-installs dependencies (including markitdown[all] and notebooklm-py from git). This is a common pattern but still moderate risk: you are pulling and executing code from external repos and installing Playwright (which downloads browser binaries). Review the cloned repositories and requirements before running install.sh.
Credentials
The skill declares no required environment variables, but it implicitly requires NotebookLM authentication (the user must run 'notebooklm login') and reads/modifies (manual guidance) your Claude config at ~/.claude/config.json to register the MCP server. Uploading files to NotebookLM or using web-search aggregation will send data to external services. The absence of declared credentials in metadata is misleading; the user must supply NotebookLM credentials and will expose uploaded content to Google's service.
Persistence & Privilege
The skill does not set always:true, nor does it auto-edit agent config, but SKILL.md/install.sh explicitly instruct the user to add a new mcpServers entry in ~/.claude/config.json pointing to the skill's local server.py. Adding that MCP entry effectively gives the skill a persistent, agent-invokable local server capability and increases the blast radius if the MCP code is malicious or buggy. Treat adding MCP entries as granting elevated local integration privileges.
What to consider before installing
What to check before installing:
- Review the MCP code (wexin-read-mcp/src/server.py) before cloning/running it. The README and SKILL.md say it 'bypasses anti-crawling' — that may be legally or ethically problematic and could run arbitrary browser automation on your machine. Do not add an MCP entry to your ~/.claude/config.json unless you trust the code.
- Inspect install.sh and requirements.txt: pip will install markitdown[all], Playwright, and other packages; install.sh may download browser binaries via Playwright. Run the installer in a controlled environment (container/VM) first if you are unsure.
- NotebookLM is an external service. Any local files you upload (PDFs, docs, images, or arbitrary paths) will be sent to that service. Do not upload sensitive or proprietary data unless you are comfortable with NotebookLM's terms and have reviewed its privacy model.
- The package metadata incorrectly lists 'no required binaries/env vars' while the scripts require notebooklm CLI, markitdown, and Playwright. Expect to need to run 'notebooklm login' and to have the notebooklm CLI available.
- Prefer manual steps: clone the repos yourself, inspect server.py and the MCP repo, pip-install dependencies in a virtualenv, and only then add the MCP entry to your Claude config if you accept the risks.
- If possible, test in an isolated environment (VM/container) and monitor network activity during first runs. If you lack the ability to audit the MCP code, consider avoiding enabling that component and only use the parts you can trust.

Like a lobster shell, security has layers — review code before you run it.
