ClawHub

Notebooklm Youtube Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed NotebookLM browser-automation workflow with no executable payload or hidden persistence, but users should understand it acts inside their logged-in Google session.

Install only if you are comfortable letting the agent control Chrome and create content in your logged-in NotebookLM account. Prefer a dedicated browser profile or test Google account, supervise the first run, and avoid using confidential videos, private research, or content you are not allowed to upload to NotebookLM.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The README advertises a very broad, natural-language invocation phrase ('Create a NotebookLM notebook for this video: [YouTube URL]') that could match ordinary user requests and trigger the skill unintentionally. Because this skill performs browser automation in a logged-in NotebookLM session, accidental activation can cause unintended web actions, content submission, and source creation without the user clearly signaling they want automation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The installation/usage guidance tells users to enable Chrome control, allow Apple Events JavaScript, and stay logged into NotebookLM, but it does not prominently warn that the skill will drive the browser and act inside an authenticated Google session. This weakens informed consent and increases the risk that users expose private notebooks, trigger unintended account actions, or misunderstand the trust boundary of the automation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal