← Back to Skills Marketplace
magicseek

NotebookLM Skill

by Deheng Huang · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
1673
Downloads
3
Stars
7
Active Installs
1
Versions
Install in OpenClaw
/install nblm
Description
Use this skill to query your Google NotebookLM notebooks directly from Claude Code for source-grounded, citation-backed answers from Gemini. Browser automati...
Usage Guidance
This skill is functionally coherent as a NotebookLM integration, but it contains a real codebase (not just prose) that will auto-create a virtualenv, install Python/Node dependencies, launch a local browser daemon, persist Google auth tokens/cookies to disk, and can download from third-party sources (including a Z-Library downloader). Before installing: 1) Review the repository source (especially auth_manager.py, agent_browser integrations, and zlibrary/downloader.py). 2) Consider using a dedicated Google account for automation and do not commit the data/ directory. 3) If you are uncomfortable with automatic dependency installs or token persistence, run the code in a sandbox or inspect/modify run.py to control installs. 4) Be aware of legal/ethical issues around Z-Library downloads. 5) If you allow autonomous invocation, remember a malicious or buggy skill with persisted credentials and a long-lived daemon has broader impact—limit exposure accordingly.
Capability Analysis
Type: OpenClaw Skill Name: nblm Version: 1.0.1 The skill is classified as suspicious due to its extensive use of high-risk capabilities, including full browser automation with anti-detection techniques (via `patchright_auth.py` and `run.py`), broad file system access for uploads and downloads (`source_manager.py`, `sync_manager.py`, `zlibrary/downloader.py`), and network access to external services like Z-Library. While these capabilities are documented and presented as necessary for the skill's stated purpose of NotebookLM document management and authentication, the use of anti-detection browsers and the inherent power of these operations introduce significant vulnerabilities and potential for misuse if the agent or underlying system were compromised. There is no clear evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints or installation of backdoors.
Capability Assessment
Purpose & Capability
The skill claims to be an instruction-only NotebookLM helper but actually packages a large multi-file codebase (21+ scripts and helpers). That by itself is not malicious, but the registry metadata vs. included files is inconsistent. The feature set (browser automation, API wrapper, file uploads, Z-Library downloader) aligns with the README/SKILL.md, but the presence of a Z-Library download path and downloader module is unexpected for many users and raises legal/ethical concerns distinct from security.
Instruction Scope
Runtime instructions direct automatic creation of a .venv, pip/npm installs, launching an agent-browser daemon (headed browser) for Google login, and persisting auth tokens/cookies to data/*. The skill also supports folder sync and an upload-zlib command that will download from third-party sites. While these actions are relevant to NotebookLM integration, they require broad local file access, network downloads, and persistence of sensitive credentials—behaviors that deserve explicit user consent and review before execution.
Install Mechanism
There is no registry 'install' spec, but scripts/run.py auto-creates a virtualenv and runs pip/npm installs and browser installation steps. This means code and third-party packages will be fetched and executed locally (including Playwright/agent-browser assets). That is expected for browser-automation skills but increases risk compared to a pure instruction-only skill because remote packages and binaries will be downloaded and executed.
Credentials
The registry metadata lists no required environment variables, but the code/documentation accept and persist Google auth tokens and cookies (NOTEBOOKLM_AUTH_TOKEN, NOTEBOOKLM_COOKIES) and use settings like AGENT_BROWSER_OWNER_PID, TIMEOUT_SECONDS, proxy env vars. Persisting NotebookLM/Google tokens to data/auth/google.json is sensitive and proportionate for a client, but users should be aware the skill stores and can reuse credentials. The optional Z-Library auth and downloader further broaden required network access and credentials scope for certain features.
Persistence & Privilege
always:false (good). The skill runs a long-lived agent-browser daemon while in use and persists session/cookie/token files in data/ and data/agent_browser/storage_state.json. It does not appear to request elevated system-wide privileges or change other skills' configs, but the persisted credentials and daemon socket files create a longer-lived access surface that should be considered when granting the skill autonomous invocation.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install nblm
  3. After installation, invoke the skill by name or use /nblm
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
nblm v1.0.1 changelog: - Introduced NotebookLM querying commands with robust Google authentication and library management. - New commands for managing notebooks and sources, including upload, syncing, and AI-powered summaries. - Media artifact generation added: podcast, briefing, debate, slides, infographic, with download and status features. - User-friendly prompts when uploading, ensuring clarity about notebook targets. - Automated environment setup: dependencies and authentication handled on first run, no manual steps needed.
Metadata
Slug nblm
Version 1.0.1
License
All-time Installs 8
Active Installs 7
Total Versions 1
Frequently Asked Questions

What is NotebookLM Skill?

Use this skill to query your Google NotebookLM notebooks directly from Claude Code for source-grounded, citation-backed answers from Gemini. Browser automati... It is an AI Agent Skill for Claude Code / OpenClaw, with 1673 downloads so far.

How do I install NotebookLM Skill?

Run "/install nblm" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is NotebookLM Skill free?

Yes, NotebookLM Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does NotebookLM Skill support?

NotebookLM Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created NotebookLM Skill?

It is built and maintained by Deheng Huang (@magicseek); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments