Back to skill
Skillv1.0.0
ClawScan security
NotebookLM PPT · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 8, 2026, 11:54 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions broadly match its stated purpose (generate PPTs via a NotebookLM CLI) but there are a few mismatches and operational risks you should confirm before installing.
- Guidance
- Before installing or running this skill: (1) Verify the pip package 'notebooklm-mcp-cli' on PyPI/GitHub to ensure it's the legitimate NotebookLM client and not a typo-squatted package; prefer installing from a vetted source or inspecting the package code. (2) Confirm what authentication the nlm CLI requires (API key, OAuth, local creds) — the skill metadata does not declare required env vars but the SKILL.md calls 'nlm doctor', so auth is required. (3) Be cautious about the nlm source add --url step: the CLI will fetch remote documents you point to; do not point it to sensitive internal URLs unless you trust the tool. (4) The SKILL.md uses an unspecified 'message --filePath' command to send the PPTX — confirm what messaging system/credentials that uses and whether it will transmit files externally. (5) Run pip installs in an isolated environment (venv/container) and avoid running as root. (6) If you need higher assurance, request a homepage/source repo for the skill and ask the publisher to declare required credentials and the exact external package/CLI used.
Review Dimensions
- Purpose & Capability
- okThe name/description claim to generate PPTs using a NotebookLM CLI and the SKILL.md shows exactly that workflow (install CLI, create notebook, add source, query with template, create slides, download). Requiring a CLI (notebooklm-mcp-cli) is coherent with the stated purpose.
- Instruction Scope
- noteInstructions are specific and constrained to creating notebooks and slides with the nlm CLI and to using only the supplied templates. They direct fetching external source documents via nlm source add --url (i.e., the CLI will fetch remote content) and instruct copying generated pptx into ~/.openclaw/media/inbound/ and sending via an unspecified 'message' command. The SKILL.md also requires 'authentication configuration' (nlm doctor) but does not declare which credentials are needed. These are not obviously malicious but are sources of ambiguity and data-exposure risk (remote fetches and outbound messaging).
- Install Mechanism
- noteThis is an instruction-only skill (no install spec in registry). The runtime instructions tell the user/agent to run pip install notebooklm-mcp-cli. Installing a third-party PyPI package is common but carries moderate risk if the package is untrusted or a typo-squatted name; the skill metadata does not provide a homepage or source repo to verify the package.
- Credentials
- concernThe metadata declares no required environment variables or credentials, but the instructions explicitly require that the nlm CLI be authenticated (nlm doctor). The skill therefore implicitly needs NotebookLM credentials or CLI auth configuration and possibly messaging credentials for the 'message' command — this mismatch (undeclared credentials) weakens transparency and should be clarified before use.
- Persistence & Privilege
- okThe skill does not request always: true and does not ask to modify other skills or system-wide settings. It only writes output to a user-scoped inbound media directory (~/.openclaw/media/inbound/), which is consistent with producing and sending a generated file. The agent-autonomy defaults are unchanged (normal).