← Back to Skills Marketplace

NotebookLM Auth Bypass

Name: NotebookLM Auth Bypass
Author: antaripnandi

by antaripbozo · GitHub ↗ · v1.0.6 · MIT-0

cross-platform ⚠ suspicious

403

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install notebooklm-bypass

Description

Programmatic NotebookLM control with auto-recovery for authentication errors.

Usage Guidance

This skill legitimately automates re-login by extracting browser cookies, but that requires handling sensitive session cookies and modifying your persistent environment. Before installing or consenting to run the script: (1) review the script text yourself (it is included) and confirm you trust the skill source; (2) prefer running the provided Python script manually under your control rather than allowing an agent to run it autonomously; (3) be aware that cookies written to NOTEBOOKLM_AUTH_JSON or auth_payload.json can be read by other local processes and persist across reboots; (4) if you must use this, create an isolated account or machine profile and avoid storing full-account session cookies in environment variables; (5) ensure Playwright and its browser are installed from legitimate sources; and (6) if you do not fully trust the repository owner, do not grant the agent permission to run the script — perform the recovery yourself.

Capability Analysis

Type: OpenClaw Skill Name: notebooklm-bypass Version: 1.0.6 The skill bundle contains a script (scripts/auto_playwright.py) that extracts Google session cookies from a local Playwright browser profile and injects them into Windows User Environment Variables via PowerShell. While the stated purpose is to automate authentication recovery for the NotebookLM CLI, the programmatic extraction of browser cookies and modification of system environment variables are high-risk behaviors. Although the SKILL.md instructions require the agent to obtain user consent before execution and no evidence of remote data exfiltration was found, the capability to manipulate sensitive session data and system settings warrants a suspicious classification.

Capability Assessment

ℹ Purpose & Capability

The name/description (recover NotebookLM authentication) aligns with the included script: it automates a persistent Playwright browser profile, extracts storage_state cookies, and applies them to NOTEBOOKLM_AUTH_JSON. That capability is coherent with the stated purpose, but it necessarily requires access to sensitive session cookies and the ability to modify user environment settings.

⚠ Instruction Scope

SKILL.md instructs the agent to propose running the included Python script and to only run it with explicit user approval. The script, however, reads the user's home directory, writes auth_payload.json and storage_state.json into ~/.notebooklm, and (on Windows) injects the cookie payload into the user's persistent environment variables. These file and environment modifications are beyond a simple CLI wrapper and involve handling secrets (session cookies). The instructions do not explicitly enumerate the required runtime dependencies (python, playwright, chromium) in SKILL.md itself.

ℹ Install Mechanism

There is no install spec (instruction-only), so nothing is automatically downloaded or executed at install time. The README tells the user to pip install playwright and run playwright install chromium; those are expected for the script but are not enforced or declared in the skill metadata. This lowers supply-chain risk but means manual dependency management is required.

⚠ Credentials

The skill does not declare any required environment variables but the script writes a persistent NOTEBOOKLM_AUTH_JSON environment variable on Windows and saves cookie payloads to disk. Requesting/creating persistent credentials (session cookies) is a high-privilege operation — it's proportionate to 'restore auth' but is sensitive and not limited to ephemeral in-memory use. There is no mechanism in the skill to restrict or audit who/what can read those persisted values.

⚠ Persistence & Privilege

The script modifies user-level environment variables on Windows (persistent across sessions) and writes auth files into the user's home directory. While the skill is not set to always:true, these actions have lasting impact on the user's environment and increase the blast radius if the cookies are compromised or misused.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install notebooklm-bypass
After installation, invoke the skill by name or use /notebooklm-bypass
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.6

- Updated authentication recovery process to inject cookies directly into Windows Environment Variables. - Auth recovery now requires explicit user permission before proceeding. - Removed metadata specifying environment and config requirements. - Simplified instructions for handling "Authentication expired" errors.

v1.0.5

- Removed metadata block specifying environment and config file requirements from the skill documentation. - No functional changes; documentation is now simpler and more general.

v1.0.4

- Added a metadata field with Openclaw-specific environment and config requirements. - No other functional or behavioral changes.

v1.0.3

- Added credential documentation specifying required environment variable and file paths. - No changes to core logic or command structure.

v1.0.2

- Implements dynamic authentication: reads fresh auth payload from ~/.notebooklm/auth_payload.json for every command instead of using a permanent environment variable. - Adds explicit instruction to never set NOTEBOOKLM_AUTH_JSON permanently; requires per-invocation injection. - Clarifies authentication recovery: now reads updated credentials after the recovery script to ensure commands use valid authentication. - Updates rules for environment variable management and enhances security guidance.

v1.0.1

- Changed authentication recovery to require explicit user permission before running the auto-recovery script. - Now, when authentication fails, the user is prompted for approval before attempting to refresh cookies.

v1.0.0

Initial Release: The NotebookLM Auth Bypass Update [CRITICAL BUG FIX] Solved the multi-day "Authentication expired" loop that crashed autonomous agents. [NEW] Native Playwright Self-Healing: Agents now detect auth crashes, seamlessly launch a visible browser for 5 seconds to bypass Google bot-detection, silently extract fresh SameSite: Lax session cookies, and self-retry the command. Zero user intervention required. [NEW] Windows Auto-Injection: Automatically injects the refreshed cookies natively into the NOTEBOOKLM_AUTH_JSON environment variable, bypassing the Playwright cross-origin security drop bug. [CORE] Retains full native CLI integration for notebooklm list, create, source add, and ask commands.

Metadata

Slug notebooklm-bypass

Version 1.0.6

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 7

Frequently Asked Questions

What is NotebookLM Auth Bypass?

Programmatic NotebookLM control with auto-recovery for authentication errors. It is an AI Agent Skill for Claude Code / OpenClaw, with 403 downloads so far.

How do I install NotebookLM Auth Bypass?

Run "/install notebooklm-bypass" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is NotebookLM Auth Bypass free?

Yes, NotebookLM Auth Bypass is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does NotebookLM Auth Bypass support?

NotebookLM Auth Bypass is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created NotebookLM Auth Bypass?

It is built and maintained by antaripbozo (@antaripnandi); the current version is v1.0.6.

More Skills