← 返回 Skills 市场
NotebookLM Skill
作者
Deheng Huang
· GitHub ↗
· v1.0.1
1673
总下载
3
收藏
7
当前安装
1
版本数
在 OpenClaw 中安装
/install nblm
功能描述
Use this skill to query your Google NotebookLM notebooks directly from Claude Code for source-grounded, citation-backed answers from Gemini. Browser automati...
安全使用建议
This skill is functionally coherent as a NotebookLM integration, but it contains a real codebase (not just prose) that will auto-create a virtualenv, install Python/Node dependencies, launch a local browser daemon, persist Google auth tokens/cookies to disk, and can download from third-party sources (including a Z-Library downloader). Before installing: 1) Review the repository source (especially auth_manager.py, agent_browser integrations, and zlibrary/downloader.py). 2) Consider using a dedicated Google account for automation and do not commit the data/ directory. 3) If you are uncomfortable with automatic dependency installs or token persistence, run the code in a sandbox or inspect/modify run.py to control installs. 4) Be aware of legal/ethical issues around Z-Library downloads. 5) If you allow autonomous invocation, remember a malicious or buggy skill with persisted credentials and a long-lived daemon has broader impact—limit exposure accordingly.
功能分析
Type: OpenClaw Skill
Name: nblm
Version: 1.0.1
The skill is classified as suspicious due to its extensive use of high-risk capabilities, including full browser automation with anti-detection techniques (via `patchright_auth.py` and `run.py`), broad file system access for uploads and downloads (`source_manager.py`, `sync_manager.py`, `zlibrary/downloader.py`), and network access to external services like Z-Library. While these capabilities are documented and presented as necessary for the skill's stated purpose of NotebookLM document management and authentication, the use of anti-detection browsers and the inherent power of these operations introduce significant vulnerabilities and potential for misuse if the agent or underlying system were compromised. There is no clear evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints or installation of backdoors.
能力评估
Purpose & Capability
The skill claims to be an instruction-only NotebookLM helper but actually packages a large multi-file codebase (21+ scripts and helpers). That by itself is not malicious, but the registry metadata vs. included files is inconsistent. The feature set (browser automation, API wrapper, file uploads, Z-Library downloader) aligns with the README/SKILL.md, but the presence of a Z-Library download path and downloader module is unexpected for many users and raises legal/ethical concerns distinct from security.
Instruction Scope
Runtime instructions direct automatic creation of a .venv, pip/npm installs, launching an agent-browser daemon (headed browser) for Google login, and persisting auth tokens/cookies to data/*. The skill also supports folder sync and an upload-zlib command that will download from third-party sites. While these actions are relevant to NotebookLM integration, they require broad local file access, network downloads, and persistence of sensitive credentials—behaviors that deserve explicit user consent and review before execution.
Install Mechanism
There is no registry 'install' spec, but scripts/run.py auto-creates a virtualenv and runs pip/npm installs and browser installation steps. This means code and third-party packages will be fetched and executed locally (including Playwright/agent-browser assets). That is expected for browser-automation skills but increases risk compared to a pure instruction-only skill because remote packages and binaries will be downloaded and executed.
Credentials
The registry metadata lists no required environment variables, but the code/documentation accept and persist Google auth tokens and cookies (NOTEBOOKLM_AUTH_TOKEN, NOTEBOOKLM_COOKIES) and use settings like AGENT_BROWSER_OWNER_PID, TIMEOUT_SECONDS, proxy env vars. Persisting NotebookLM/Google tokens to data/auth/google.json is sensitive and proportionate for a client, but users should be aware the skill stores and can reuse credentials. The optional Z-Library auth and downloader further broaden required network access and credentials scope for certain features.
Persistence & Privilege
always:false (good). The skill runs a long-lived agent-browser daemon while in use and persists session/cookie/token files in data/ and data/agent_browser/storage_state.json. It does not appear to request elevated system-wide privileges or change other skills' configs, but the persisted credentials and daemon socket files create a longer-lived access surface that should be considered when granting the skill autonomous invocation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nblm - 安装完成后,直接呼叫该 Skill 的名称或使用
/nblm触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
nblm v1.0.1 changelog:
- Introduced NotebookLM querying commands with robust Google authentication and library management.
- New commands for managing notebooks and sources, including upload, syncing, and AI-powered summaries.
- Media artifact generation added: podcast, briefing, debate, slides, infographic, with download and status features.
- User-friendly prompts when uploading, ensuring clarity about notebook targets.
- Automated environment setup: dependencies and authentication handled on first run, no manual steps needed.
元数据
常见问题
NotebookLM Skill 是什么?
Use this skill to query your Google NotebookLM notebooks directly from Claude Code for source-grounded, citation-backed answers from Gemini. Browser automati... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1673 次。
如何安装 NotebookLM Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nblm」即可一键安装,无需额外配置。
NotebookLM Skill 是免费的吗?
是的,NotebookLM Skill 完全免费(开源免费),可自由下载、安装和使用。
NotebookLM Skill 支持哪些平台?
NotebookLM Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 NotebookLM Skill?
由 Deheng Huang(@magicseek)开发并维护,当前版本 v1.0.1。
推荐 Skills