NotebookLM Skill

Expert guide for the NotebookLM CLI (`nlm`) and MCP server - interfaces for Google NotebookLM. Use this skill when users want to interact with NotebookLM pro...

This skill appears to be a thorough guide for the nlm CLI and MCP and mostly does what it says. However, it contains troubleshooting steps that involve handling raw browser cookies/auth tokens and instructions to change sandbox/network settings (e.g., editing sandbox config or running with 'danger-full-access'). Before using or following those steps: - Prefer official OAuth/browser login flows rather than copying cookie headers into third-party tools. Do not paste cookies or auth tokens into tools unless you trust the tool's exact source and code. Treat cookie headers like passwords. - Avoid following instructions that disable sandbox/network protections in environments you don't control. Enabling full network access or running commands that bypass sandboxing can expose your machine or credentials. - If you plan to give the agent the ability to run these commands, run them in an isolated VM or ephemeral environment where exposing tokens is low-risk. - Ask the publisher for the skill's source repository or homepage. Having a public source or release reduces risk and would increase confidence in this evaluation. What would change this assessment: a verifiable upstream source (GitHub repo or official package), explicit guidance that uses an OAuth-style flow instead of manual cookie copy, or removal of instructions that recommend disabling sandbox protections would reduce the 'concern' flags and could move the verdict toward 'benign.' Conversely, any hidden code, remote endpoints, or explicit requests to transmit cookies to third-party servers would raise severity.

Type: OpenClaw Skill Name: nlm-notebooklm Version: 1.0.0 The skill bundle is classified as suspicious due to several powerful capabilities that, while presented for legitimate purposes, could be exploited. Specifically, the `nlm source content -o` and `nlm download --output` commands allow writing arbitrary content to specified file paths, posing a risk for file overwrite or creation in sensitive locations. Additionally, the `SKILL.md` and `references/troubleshooting.md` files document powerful system commands like `pkill` and `kill -9` for troubleshooting, which could be misused. The skill also integrates with OpenClaw's CDP for authentication (`nlm login --provider openclaw --cdp-url http://127.0.0.1:18800`), granting significant browser control. However, the skill explicitly instructs the AI agent with strong safety rules, such as 'ALWAYS ASK USER BEFORE DELETE' and 'DO NOT launch REPL', indicating a lack of malicious intent from the skill developer. There is no evidence of intentional data exfiltration to unauthorized endpoints, persistence mechanisms, or obfuscation.