Manage NotebookLM MCP auth lifecycle on Linux by automating GUI startup, auth refresh, status check, and cleanup for frequent cookie expiry.
Security Analysis
medium confidenceThe skill's purpose (refreshing NotebookLM auth) is plausible, but the instructions and shipped scripts rely on and execute absolute-path host scripts and a Chromium profile (cookies) that are not declared in metadata — this mismatch and access to sensitive browser session data is concerning.
The stated purpose (managing NotebookLM MCP auth lifecycle) matches the high-level instructions (start GUI, use CDP, refresh auth, smoke test). However the skill depends on many external components and specific files under /home/moltuser/clawd (e.g., notebooklm-remote-gui.sh, refresh-google-mcp-cookies.sh, and a notebooklm-mcp skill directory) that are not declared in metadata. The shipped scripts are thin wrappers that call absolute host paths rather than self-contained logic, which is unexpected and brittle.
SKILL.md tells the agent to execute scripts by absolute path and to operate a Chromium profile (via CDP/VNC). That necessarily accesses browser session cookies and local scripts under /home/moltuser/clawd and /home/moltuser/clawd/skills/notebooklm-mcp. Those instructions go beyond simple API calls and will execute arbitrary host-side scripts and touch sensitive session data; the skill does not declare or limit what those external scripts do.
There is no install spec (instruction-only) which minimizes supply-chain risk. However the included script files simply delegate to other host scripts (absolute paths). The lack of an install step is low risk in itself but the skill implicitly assumes a pre-configured host environment that must be trusted.
No environment variables or credentials are declared, yet the skill requires access to a Chromium profile and local scripts that contain/operate on Google session cookies and auth state. This is an implicit, high-sensitivity requirement that is not articulated in the metadata — the skill effectively needs access to user session tokens and local files, which is a proportionally large privilege for its stated purpose.
The skill does not request always:true and is user-invocable only, which is appropriate. Still, it will execute arbitrary host scripts and manipulate the local browser profile when invoked; while not an elevated platform privilege, that execution capability gives it substantial local impact and requires trusting the referenced host scripts.
Guidance
This skill may be useful for automating NotebookLM auth refresh, but it relies on and executes scripts outside the skill bundle and operates your Chromium profile (cookies). Before installing or running it: 1) Inspect the actual host scripts referenced (/home/moltuser/clawd/* and /home/moltuser/clawd/skills/notebooklm-mcp/*) to confirm what they do and whether they contact remote services. 2) Verify you trust the account 'moltuser' and that those paths haven't been tampered with. 3) Prefer running in an isolated environment (container or VM) using a dedicated browser profile to limit exposure of your primary Google session. 4) Do not run this on hosts with sensitive Google sessions unless you review and control the external scripts. If you cannot inspect the referenced host scripts or do not trust them, do not enable this skill.
Latest Release
v1.0.0
Initial release: automate NotebookLM MCP on/off/auth refresh, current-tab navigation to notebooklm.google.com, smoke/status checks, and full GUI stack cleanup. Designed for frequent cookie expiration; requires one-time Chromium login.
More by @Spiceman161
Published by @Spiceman161 on ClawHub
