Critical-risk tools in Notebooklm
5 of the 31 tools in Notebooklm are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- re_auth (Destructive, 5/5): Switch to a different Google account or re-authenticate. Use this when: - NotebookLM rate limit is reached (50 queries/day for free accounts) - You want to switch to a different...
- remove_notebook (Destructive, 4/5): Dangerous — requires explicit user confirmation. ## Confirmation Workflow 1) User requests removal ("Remove the React notebook") 2) Look up full name to confirm 3) Ask: "Remove...
- remove_source (Destructive, 4/5): Remove a source from a NotebookLM notebook. ## Usage 1. First call list_sources to get source IDs 2. Then call remove_source with the source ID ## Example ```json { "noteboo...
- reset_session (Destructive, 4/5): Reset a session's chat history (keep same session ID). Use for a clean slate when the task changes; ask the user before resetting.
- sync_library (Destructive, 4/5): Sync your local library with actual NotebookLM notebooks. ## What This Tool Does - Navigates to NotebookLM and extracts all your notebooks - Compares with local library entries...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
Enforce policy on Notebooklm
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init