PERMISSION REQUIRED — Only when user explicitly asks to add a notebook. ## Conversation Workflow (Mandatory) When the user says: "I have a NotebookLM with X" 1) Ask URL: "What is the NotebookLM URL?" 2) Ask content: "What knowledge is inside?" (1–2 sentences) 3) Ask topics: "Which topics does i...
Accepts URL/endpoint input (url)
Part of the Notebooklm MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents use add_notebook to create or modify resources in Notebooklm. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call add_notebook repeatedly, creating or modifying resources faster than any human could review. Intercept's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach Notebooklm.
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
tools:
add_notebook:
rules:
- action: allow
rate_limit:
max: 30
window: 60See the full Notebooklm policy for all 31 tools.
Agents calling write-class tools like add_notebook have been implicated in these attack patterns. Read the full case and prevention policy for each:
Other tools in the Write risk category across the catalogue. The same policy patterns (rate-limit, validate) apply to each.
PERMISSION REQUIRED — Only when user explicitly asks to add a notebook. ## Conversation Workflow (Mandatory) When the user says: "I have a NotebookLM with X" 1) Ask URL: "What is the NotebookLM URL?" 2) Ask content: "What knowledge is inside?" (1–2 sentences) 3) Ask topics: "Which topics does it cover?" (3–5) 4) Ask use cases: "When should we consult it?" 5) Propose metadata and confirm: - Name: [suggested] - Description: [from user] - Topics: [list] - Use cases: [list] "Add it to your library now?" 6) Only after explicit "Yes" → call this tool ## Rules - Do not add without user permission - Do not guess metadata — ask concisely - Confirm summary before calling the tool ## Example User: "I have a notebook with n8n docs" You: Ask URL → content → topics → use cases; propose summary User: "Yes" You: Call add_notebook ## How to Get a NotebookLM Share Link Visit https://notebooklm.google/ → Login (free: 100 notebooks, 50 sources each, 500k words, 50 daily queries) 1) Click "+ New" (top right) → Upload sources (docs, knowledge) 2) Click "Share" (top right) → Select "Anyone with the link" 3) Click "Copy link" (bottom left) → Give this link to Claude (Upgraded: Google AI Pro/Ultra gives 5x higher limits). It is categorised as a Write tool in the Notebooklm MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Add a rule in your Intercept YAML policy under the tools section for add_notebook. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Notebooklm MCP server.
add_notebook is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the add_notebook rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for add_notebook. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
add_notebook is provided by the Notebooklm MCP server (@pan-sec/notebooklm-mcp). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept