notebooklm

SUSPICIOUS: the skill is broadly aligned with NotebookLM automation, and the package source appears legitimate and publisher-consistent. Risk comes from using an unofficial client against undocumented Google APIs, handling raw session auth/state, enabling autonomous remote actions and downloads, and including transitive skill-install instructions. No clear evidence of credential exfiltration or malware.

SUSPICIOUS: The skill’s capabilities mostly match its stated NotebookLM automation purpose, but the trust model is weak. It relies on an unofficial personal-account CLI that handles Google session cookies, includes transitive skill installation, and enables automatic remote actions; this is coherent but higher-risk than an official integration.