Is lhquangit/notebooklm-cli-cookies safe?

https://github.com/openclaw/skills/tree/main/skills/lhquangit/notebooklm-cli-cookies

70
CAUTION

This NotebookLM integration skill provides legitimate functionality but requires extensive system privileges and handles authentication credentials. While no actual data exfiltration occurred, the skill accessed sensitive honeypot files and includes scripts that make significant system modifications.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 60/100 · 25%
Code Execution 40/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 80/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (5)

HIGH Extensive System Modification Scripts -40

The skill includes a bootstrap script that installs system packages, modifies systemd services, creates configuration files, and requires sudo privileges for extensive system changes.

HIGH Honeypot File Access -30

The skill accessed multiple sensitive honeypot files including .env, SSH keys, AWS credentials, and other authentication files during installation.

MEDIUM Authentication Injection Script -20

The aws-inject-notebooklm-auth.sh script processes authentication credentials and writes them to the filesystem with specific permissions.

MEDIUM Credential Handling -10

Scripts are designed to handle and process NotebookLM authentication credentials, including cookies and metadata.

LOW Directive Agent Instructions -15

The skill contains hard rules that direct the agent to always use nlm commands and not answer from memory.