notebooklm
Audited by Socket on Feb 17, 2026
1 alert found:
Malware [Skill Scanner] Installation of third-party script detected

Based on the provided documentation alone, the skill's described capabilities are consistent with its purpose (automating a browser to query Google NotebookLM and storing local session data). The main security concerns are: (1) storage of sensitive session cookies/auth_info locally without described encryption, (2) automatic installation of Chromium and dependencies without pinned/trusted sources, and (3) the inability to verify where retrieved data or credentials might be sent because the actual scripts were not provided. I find no explicit signs of obfuscation or intentional malware in the documentation.

Recommend: review the actual run.py and automation scripts to confirm network endpoints, ensure Chromium and packages are installed from trusted sources, restrict and encrypt local auth artifacts, and audit that no third-party exfiltration endpoints are used.

Overall verdict: functionally coherent but with moderate operational security risks if scripts are not audited before use.

LLM verification: The SKILL.md content is largely coherent with the claimed purpose (querying NotebookLM via browser automation and managing a local notebook library). There is no direct evidence of embedded malware in the documentation itself. However the skill requires automatic creation of a virtual environment and installation of dependencies via run.py and performs browser automation that can access Google session data and full notebook contents. Those capabilities are proportionate to the task but expand th