notebooklm

Fail

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The README.md file contains multiple links to an external ZIP archive ('notebooklm-skill-v3.4.zip') on the account 'dhhn2002', which differs from the skill's declared owner 'openclaw'. All primary documentation links (Wiki, Issues, Contributing) are deceptive and redirect to this download URL.
  • [COMMAND_EXECUTION]: The wrapper script scripts/run.py uses subprocess.run to execute other Python scripts with agent-provided arguments, which creates a vector for command injection or for execution of unverified scripts.
  • [REMOTE_CODE_EXECUTION]: The initialization scripts scripts/setup_environment.py and scripts/__init__.py automatically download and install external libraries (patchright) and browser binaries (chromium, chrome) from remote sources at runtime.
  • [PROMPT_INJECTION]: Instructions in SKILL.md use high-pressure directives ('⚠️ CRITICAL', 'EXTREMELY IMPORTANT') and 'Follow-Up' mechanisms to override the agent's default conversational behavior and safety constraints.
  • [CREDENTIALS_UNSAFE]: The skill's architecture in scripts/auth_manager.py captures Google session cookies and stores them in a local state.json file. These credentials are then manually injected into browser sessions, posing a risk of session theft if the local file system is compromised.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 8, 2026, 11:58 PM
Security Audit — agent-trust-hub — notebooklm