NotebookLM-py: why it is not safe to use
NotebookLM-py is clean and transparent, but its optional login stores a durable full-account Google credential that carries real risk if the machine is compromised.
What we found
The skill itself is transparent and well-documented, with no hidden instructions, no third-party network calls, and no obfuscated code. Its network traffic goes only to Google and NotebookLM, and destructive actions like deleting a notebook require an explicit confirmation flag.
Our two cautions are about how it signs you in. The optional master-token mode saves a durable, full-account Google credential to a local file (`master_token.json`). This kind of token behaves like an infostealer target: it grants broad account access and can keep working even after you change your password, until you revoke it. The default mode reuses your full Google session cookies rather than a narrowly scoped token, and can import those cookies from your Chrome or Edge profile. The files are locked down with restrictive permissions and clear warnings, but the underlying access is broad. If your computer is compromised, these files are the crown jewels.
What to do instead
If you use it, prefer the standard session login over the master token, and revoke access from your Google account security page when you are done. Keep it on a trusted, encrypted machine, and avoid feeding untrusted text into its prompts. On AgentPod we list only reviewed, tested skills so you do not have to make this call alone.
Source: https://github.com/teng-lin/notebooklm-py
We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.