← Back to Skills Marketplace
lhquangit

NotebookLM CLI Cookies

by lhquangit · GitHub ↗ · v0.1.4
cross-platform ⚠ suspicious
1183
Downloads
0
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install notebooklm-cli-cookies
Description
Search and answer questions over documents already uploaded to NotebookLM using the nlm CLI. Use when users ask to find information, summarize sources, or query a specific NotebookLM notebook.
Usage Guidance
This skill is functionally coherent but includes powerful helper scripts that: (1) accept and write your NotebookLM Google cookies (cookies.json/metadata.json); (2) can pull that auth JSON from an AWS Secrets Manager secret if you provide NOTEBOOKLM_AUTH_SECRET_ID and AWS credentials; and (3) can install packages and create systemd drop-ins on your VPS. Before installing or running the bootstrap: - Inspect the scripts top-to-bottom and run them only on machines you control. - Do not run the bootstrap on shared or untrusted hosts. - If you will use the AWS secret path, grant the minimal IAM permissions needed (secretsmanager:GetSecretValue) scoped to the specific secret; do not reuse high-privilege AWS credentials. - Keep auth JSON and cookies out of version control; follow the docs' recommendations for file permissions. - If you only need the skill for ad-hoc local queries, avoid running the systemd/bootstrap flow and instead manually place cookies.json/metadata.json into NOTEBOOKLM_MCP_CLI_PATH and set that env var. - If unsure about the author/source (owner ID unknown, no homepage), prefer manual setup over running the provided bootstrap.
Capability Analysis
Type: OpenClaw Skill Name: notebooklm-cli-cookies Version: 0.1.4 The skill is classified as suspicious due to a significant command injection vulnerability identified in `SKILL.md`. The instructions explicitly tell the AI agent to "Always execute exactly: `nlm <args>` via Exec" where `<args>` are derived from user input (e.g., Telegram `/nlm ...`). This allows an attacker to potentially inject arbitrary shell commands, leading to Remote Code Execution (RCE). While the `scripts/aws-inject-notebooklm-auth.sh` and `scripts/bootstrap_vps_systemd_one_liner.sh` handle sensitive authentication data and perform system-level modifications (including systemd persistence), these actions appear to be aligned with the stated purpose of installing and configuring the NotebookLM CLI skill, and do not show clear malicious intent like unauthorized exfiltration or backdoors.
Capability Assessment
Purpose & Capability
The skill's stated purpose (query NotebookLM via the nlm CLI) matches the declared runtime requirement (nlm binary and NOTEBOOKLM_MCP_CLI_PATH). However included helper scripts perform system bootstrap, install packages, and optionally fetch secrets from AWS; these system-level capabilities are broader than the simple query purpose and are not declared in the minimal metadata.
Instruction Scope
SKILL.md runtime instructions are narrowly scoped to running nlm and checking NOTEBOOKLM_MCP_CLI_PATH, and explicitly instruct not to use web or local files beyond NotebookLM. But the repository also ships injector and bootstrap scripts that read/write auth JSON, may call aws CLI, and will modify system configuration when executed. Those scripts introduce additional runtime behaviors that are not covered in the SKILL.md 'hard rules' and are therefore out-of-band relative to the runtime instructions.
Install Mechanism
There is no automatic install spec, but the provided bootstrap script will run apt-get, pipx/pip installs, npm/pnpm installs, create systemd drop-ins, and add groups/users — actions requiring sudo and affecting system state. While reasonable for a self-hosted VPS installation, these are high-impact operations and should not be executed without reviewing the script and running it only in a trusted environment.
Credentials
The skill metadata declares only NOTEBOOKLM_MCP_CLI_PATH, but the injector/bootstrap scripts accept and use multiple other inputs (NOTEBOOKLM_AUTH_SECRET_FILE, NOTEBOOKLM_AUTH_SECRET_JSON, NOTEBOOKLM_AUTH_SECRET_ID and AWS_REGION/AWS_DEFAULT_REGION, NOTEBOOKLM_AUTH_FILE, etc.). Those inputs can grant access to sensitive Google cookies and allow the script to fetch secrets from AWS Secrets Manager — privileges that are sensitive and should be explicitly declared and scoped (least privilege).
Persistence & Privilege
The bootstrap script can install a helper injector, modify ~/.openclaw/openclaw.json to inject environment variables, create /etc/openclaw/notebooklm-auth.json, change group membership, and install a systemd drop-in that runs the injector on service start. Although the skill itself is not flagged always:true, these actions give the skill persistent integration into system services and require careful review before use.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install notebooklm-cli-cookies
  3. After installation, invoke the skill by name or use /notebooklm-cli-cookies
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.4
Update Bootstrap - fix bad substitution.
v0.1.3
Update GUIDELINE.
v0.1.2
Stabilize installation flow with pipx/jq and simplified bootstrap.
v0.1.1
Add VPS systemd bootstrap; support auth file input.
v0.1.0
Initial release
Metadata
Slug notebooklm-cli-cookies
Version 0.1.4
License
All-time Installs 0
Active Installs 0
Total Versions 5
Frequently Asked Questions

What is NotebookLM CLI Cookies?

Search and answer questions over documents already uploaded to NotebookLM using the nlm CLI. Use when users ask to find information, summarize sources, or query a specific NotebookLM notebook. It is an AI Agent Skill for Claude Code / OpenClaw, with 1183 downloads so far.

How do I install NotebookLM CLI Cookies?

Run "/install notebooklm-cli-cookies" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is NotebookLM CLI Cookies free?

Yes, NotebookLM CLI Cookies is completely free (open-source). You can download, install and use it at no cost.

Which platforms does NotebookLM CLI Cookies support?

NotebookLM CLI Cookies is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created NotebookLM CLI Cookies?

It is built and maintained by lhquangit (@lhquangit); the current version is v0.1.4.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments