Skill v1.1.0

ClawScan security

X To Notebook · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 8, 2026, 2:42 PM
Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and runtime instructions match its stated purpose (pushing X bookmarks into NotebookLM) and its requested binaries; the main user-sensitive action is reading browser cookies saved to ~/.openclaw/credentials/x-cookies.json, which is explained in the docs.
Guidance
This skill appears to do what it claims, but before installing you should: (1) be comfortable exporting your X browser cookies to ~/.openclaw/credentials/x-cookies.json — those cookies grant access to your account session and are sensitive; (2) verify you trust the skill source since it will read that cookie file and call twikit and mcporter locally; (3) note the skill will create and update ~/.openclaw/data/x-bookmarks-pushed.json to track pushed IDs; (4) ensure you want to install and register the NotebookLM MCP tool (mcporter/notebooklm-mcp-cli) and have Chrome for nlm login; (5) review the included Python files yourself if you want to confirm there are no surprises, especially if you plan to run auto_sync.py unattended. If any of these steps are unacceptable, do not install or run the skill.

Review Dimensions

Purpose & Capability
ok: Name/description, scripts, and SKILL.md all consistently implement fetching X bookmarks with twikit and pushing them to NotebookLM via mcporter. Required binaries (uv, mcporter) and the notebookmcp dependency are appropriate for the described flow. Minor doc mismatch: README initially says bookmarks are pushed as URL sources while SKILL.md and changelog state tweets are pushed as text sources (the code pushes text).
Instruction Scope
ok: Runtime instructions are specific and bounded: list folders, fetch bookmarks, match to notebooks, push via mcporter, mark pushed. They reference only the cookie file and local pushed-IDs file needed for operation; there are no instructions to read unrelated system files or to send data to external endpoints beyond twikit/mcporter calls.
Install Mechanism
ok: No install spec that downloads arbitrary code; the package contains Python scripts that are run via the uv tool. Prerequisite installs (twikit, notebooklm-mcp-cli) are third-party tools but are stated explicitly. No suspicious remote download URLs or extract steps are present in the skill bundle itself.
Credentials
note: The skill does not request environment variables or external credentials, which is coherent. However, it requires the user to export their X session cookies to ~/.openclaw/credentials/x-cookies.json (sensitive). The registry metadata listed no required config paths, but the code and SKILL.md clearly rely on that cookie path and on a local pushed-IDs file (~/.openclaw/data/x-bookmarks-pushed.json). This should be understood as necessary for the feature but is a privacy-sensitive local dependency.
Persistence & Privilege
ok: always is false and the skill does not modify other skills or system-wide settings. It writes to ~/.openclaw under its own paths (credentials and data), which is normal for user tools. The presence of an auto_sync.py mode indicates it can be run unattended (cron), but the skill does not force permanent/invisible installation.