Use this skill to query your Google NotebookLM notebooks directly from Claude Code for source-grounded, citation-backed answers from Gemini. Browser automation, library management, persistent auth. Drastically reduced hallucinations through document-only responses.
Security Analysis
medium confidenceThe skill's functionality (browser automation against NotebookLM) matches its description, but it performs automatic local installs, persists Google session cookies/profiles, and injects cookies—which is broadly proportional to the feature but raises privacy and unexpected-installation concerns that you should review before running.
The skill's name and description (querying Google NotebookLM via browser automation and persisting auth) align with the included scripts. It legitimately needs browser automation, a persistent profile, and cookie handling to preserve NotebookLM sessions. Minor mismatch: the registry declared no required binaries/env, yet the code auto-installs dependencies and requires real Chrome (not just Chromium) and patchright; this behavior is implemented in the code rather than declared in metadata.
SKILL.md instructs the agent to open browser sessions, query notebooks (including an automated 'Smart Add' that queries the notebook to discover its contents), and to run follow-up questions repeatedly until 'complete'. These are within the stated purpose but permit autonomous, repeated access to user notebooks and will cause the agent to read and transmit notebook content to the automation process. The instructions also require always using the run.py wrapper; combined with module behavior (see install) this can cause unexpected side effects when code is imported or executed.
There is no declared install spec in the registry, but the code itself creates a .venv, pip-installs requirements.txt and invokes patchright to install Chromium. Notably, scripts/__init__.py runs ensure_venv_and_run() on import, meaning environment creation and network downloads may happen implicitly when the module is imported or when a script is executed. Downloading browser binaries and packages at runtime is expected for browser automation but increases risk because it fetches external components automatically.
The skill declares no required environment variables or primary credential, but it persists and uses Google session cookies in a browser profile and state.json stored under ~/.claude/skills/notebooklm/data/. Those cookies effectively act as credentials and grant broad access to the Google account used (potentially beyond NotebookLM). The code's cookie-injection workaround (manual add_cookies) is plausible for the stated purpose, but storing and reusing session cookies is a high-sensitivity capability that should be proportionally protected and explicitly disclosed to users.
The skill persists a virtual environment, browser profile, and state.json in the skill data directory and can re-use those for later runs. While always:false (not force-installed), the code's import-time behavior that creates/installs the venv and browser can cause persistent changes without explicit separate installation steps. The skill does not modify other skills, but persistent cookie/profile storage grants ongoing access to the user's Google session and should be considered a long-lived privilege.
Guidance
What to consider before installing/running this skill: - Function matches purpose, but review the code first: the skill will create a .venv and download/install Python packages and a browser binary (patchright/chromium) automatically when its scripts run or are imported. Expect network downloads and filesystem changes in the skill folder. - Persistent Google session: The skill stores a browser profile and state.json (cookies). Those files let the skill act with your Google account session and could be used to access other Google services. Only use a dedicated account for automation, and inspect/secure the data directory (~/.claude/skills/notebooklm/data/). - Implicit installs: scripts/__init__.py triggers environment setup on import; that can run without an explicit 'install' step. If you want to review or control installation, run the code in an isolated environment (VM/container) first. - Privacy and scope: 'Smart Add' will query notebooks to discover their contents automatically—ensure you want the agent to read that data. The follow-up loop can cause multiple automated queries; watch rates and logs. - Safety steps you can take: audit the code before use; run it in a disposable VM or container; ensure file permissions limit access to the browser profile/state files; after use, clear auth with auth_manager.py clear or delete the data directory; monitor outgoing network traffic while testing. - What would increase risk to 'malicious': evidence of obfuscated code, hard-coded external exfil endpoints, or scripts that upload state.json/profile to third-party servers. If you see such signs, do not run the skill. Confidence note: medium — the code appears coherent with its stated purpose, but the automatic install behavior, persistent session cookie handling, and implicit side-effects on import are notable risks that merit manual review and cautious execution.
Latest Release
v0.1.0
notebooklm-skill v0.1.0 - Initial release introducing integration with Google NotebookLM for source-grounded, citation-backed research queries. - Provides persistent authentication, browser automation, and robust notebook/document management via a Python script interface. - Features Smart Discovery for notebook metadata, minimizing the need for manual data entry. - Strongly enforces use of a wrapper script (run.py) for consistent environment setup and dependency management. - Includes critical follow-up and synthesis workflow for comprehensive, accurate responses. - Stores all data locally with security in mind; configuration options via `.env` supported.
Popular Skills
Published by @guccidgi on ClawHub
