NotebookLM Ops

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent and its helper scripts may operate with your logged-in Google session for NotebookLM, and possibly other Google-accessible browser state in that profile.

Why it was flagged

The skill explicitly relies on a logged-in Google browser profile/session, but the artifacts do not clearly bound the exact profile, cookie scope, credential handling, or resulting account authority.

Skill content

A one-time manual login in Chromium to Google/NotebookLM is required. After that, this skill keeps refresh automated by reusing the same browser profile/session.

Recommendation

Use a dedicated Chromium profile or dedicated Google account, review the helper scripts first, and require explicit user approval before auth refresh actions.

What this means

Installing the skill would depend on local scripts whose behavior and provenance are not included in this review, even though they handle sensitive auth and browser automation.

Why it was flagged

The packaged ON script is a thin wrapper that executes an absolute-path helper outside the supplied manifest, so the main startup/auth-refresh behavior is not visible in the reviewed artifacts.

Skill content

/home/moltuser/clawd/scripts/notebooklm-on.sh

Recommendation

Do not use until the referenced helper scripts are included, pinned, or manually audited in the target environment.

What this means

If CDP or VNC are exposed beyond the intended local user, another process or user could potentially control the authenticated browser session.

Why it was flagged

The skill uses browser-debugging and remote-GUI control surfaces around an authenticated browser session, but the artifacts do not specify binding, authentication, or access-control limits.

Skill content

Linux host with Chromium and CDP (`--remote-debugging-port=9222`). Virtual display stack: **Xvfb + openbox + x11vnc**.

Recommendation

Bind CDP and VNC to localhost or otherwise secure them, avoid shared hosts, and shut the stack down when finished.

What this means

An authenticated browser and remote GUI stack may continue running after the initial command if not explicitly stopped.

Why it was flagged

The skill intentionally starts background GUI/browser services; this is disclosed and purpose-aligned, but users should understand that services may remain active until the OFF command runs.

Skill content

Start GUI/CDP stack (Xvfb + openbox + x11vnc + Chromium).

Recommendation

Run the OFF command after use and verify that Chromium, x11vnc, Xvfb, and openbox processes are stopped.