← 返回 Skills 市场
NotebookLM Ops
作者
Spiceman161
· GitHub ↗
· v1.0.0
730
总下载
0
收藏
6
当前安装
1
版本数
在 OpenClaw 中安装
/install notebooklm-ops
功能描述
Manage NotebookLM MCP auth lifecycle on Linux by automating GUI startup, auth refresh, status check, and cleanup for frequent cookie expiry.
安全使用建议
This skill may be useful for automating NotebookLM auth refresh, but it relies on and executes scripts outside the skill bundle and operates your Chromium profile (cookies). Before installing or running it: 1) Inspect the actual host scripts referenced (/home/moltuser/clawd/* and /home/moltuser/clawd/skills/notebooklm-mcp/*) to confirm what they do and whether they contact remote services. 2) Verify you trust the account 'moltuser' and that those paths haven't been tampered with. 3) Prefer running in an isolated environment (container or VM) using a dedicated browser profile to limit exposure of your primary Google session. 4) Do not run this on hosts with sensitive Google sessions unless you review and control the external scripts. If you cannot inspect the referenced host scripts or do not trust them, do not enable this skill.
功能分析
Type: OpenClaw Skill
Name: notebooklm-ops
Version: 1.0.0
This skill is classified as suspicious due to its high-privilege access requirements and reliance on unprovided external scripts. It explicitly requires access to a pre-logged-in Chromium profile, granting it access to Google session cookies and other browser data. The skill uses Chrome DevTools Protocol (CDP), a powerful interface capable of extensive browser control and data extraction. While the provided `SKILL.md` and wrapper scripts (`notebooklm-on.sh`, `notebooklm-off.sh`, `notebooklm-smoke.sh`, `notebooklm-status.sh`) do not show explicit malicious intent, the core logic for GUI control and authentication refresh is delegated to external, unprovided scripts (e.g., `/home/moltuser/clawd/scripts/refresh-google-mcp-cookies.sh`, `/home/moltuser/clawd/scripts/notebooklm-remote-gui.sh`, and scripts within `/home/moltuser/clawd/skills/notebooklm-mcp`). This creates a significant vulnerability where a compromised or malicious external script could easily exfiltrate sensitive browser data or perform unauthorized actions, despite the stated benign purpose.
能力评估
Purpose & Capability
The stated purpose (managing NotebookLM MCP auth lifecycle) matches the high-level instructions (start GUI, use CDP, refresh auth, smoke test). However the skill depends on many external components and specific files under /home/moltuser/clawd (e.g., notebooklm-remote-gui.sh, refresh-google-mcp-cookies.sh, and a notebooklm-mcp skill directory) that are not declared in metadata. The shipped scripts are thin wrappers that call absolute host paths rather than self-contained logic, which is unexpected and brittle.
Instruction Scope
SKILL.md tells the agent to execute scripts by absolute path and to operate a Chromium profile (via CDP/VNC). That necessarily accesses browser session cookies and local scripts under /home/moltuser/clawd and /home/moltuser/clawd/skills/notebooklm-mcp. Those instructions go beyond simple API calls and will execute arbitrary host-side scripts and touch sensitive session data; the skill does not declare or limit what those external scripts do.
Install Mechanism
There is no install spec (instruction-only) which minimizes supply-chain risk. However the included script files simply delegate to other host scripts (absolute paths). The lack of an install step is low risk in itself but the skill implicitly assumes a pre-configured host environment that must be trusted.
Credentials
No environment variables or credentials are declared, yet the skill requires access to a Chromium profile and local scripts that contain/operate on Google session cookies and auth state. This is an implicit, high-sensitivity requirement that is not articulated in the metadata — the skill effectively needs access to user session tokens and local files, which is a proportionally large privilege for its stated purpose.
Persistence & Privilege
The skill does not request always:true and is user-invocable only, which is appropriate. Still, it will execute arbitrary host scripts and manipulate the local browser profile when invoked; while not an elevated platform privilege, that execution capability gives it substantial local impact and requires trusting the referenced host scripts.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install notebooklm-ops - 安装完成后,直接呼叫该 Skill 的名称或使用
/notebooklm-ops触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: automate NotebookLM MCP on/off/auth refresh, current-tab navigation to notebooklm.google.com, smoke/status checks, and full GUI stack cleanup. Designed for frequent cookie expiration; requires one-time Chromium login.
元数据
常见问题
NotebookLM Ops 是什么?
Manage NotebookLM MCP auth lifecycle on Linux by automating GUI startup, auth refresh, status check, and cleanup for frequent cookie expiry. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 730 次。
如何安装 NotebookLM Ops?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install notebooklm-ops」即可一键安装,无需额外配置。
NotebookLM Ops 是免费的吗?
是的,NotebookLM Ops 完全免费(开源免费),可自由下载、安装和使用。
NotebookLM Ops 支持哪些平台?
NotebookLM Ops 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 NotebookLM Ops?
由 Spiceman161(@spiceman161)开发并维护,当前版本 v1.0.0。
推荐 Skills