Update notebook metadata based on user intent. Pattern 1) Identify target notebook and fields (topics, description, use_cases, tags, url) 2) Propose the exact change back to the user 3) After explicit confirmation, call this tool Examples - User:
AI agents use update_notebook to create or update resources in NotebookLM MCP Structured — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your NotebookLM MCP Structured environment.
This tool creates or modifies data reversibly by updating notebook metadata fields. It does not delete data (Destructive), execute arbitrary code (Execute), move money (Financial), or retrieve data without side effects (Read). The reversible nature of metadata updates and the confirmation requirement before execution place it in the Write category.
From the tool's definition Tool description states 'Update notebook metadata' and mentions modifying fields like topics, description, use_cases, tags, and url. The pattern confirms it applies changes 'After explicit confirmation' to a notebook.
Documented attack patterns abuse exactly the kind of access update_notebook gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and NotebookLM MCP Structured, and nothing reaches the server without passing your rules. This is the rule we recommend for update_notebook:
{
"version": "1",
"default": "deny",
"tools": {
"update_notebook": {
"limits": [
{
"counter": "update_notebook_rate",
"window": "minute",
"max": 30,
"scope": "grant"
}
]
}
}
}update_notebook stays usable, but capped — an agent stuck in a loop can't make hundreds of changes a minute. Everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Update notebook metadata based on user intent. Pattern 1) Identify target notebook and fields (topics, description, use_cases, tags, url) 2) Propose the exact change back to the user 3) After explicit confirmation, call this tool Examples - User:. It is categorised as a Write tool in the NotebookLM MCP Structured MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Register the NotebookLM MCP Structured MCP server in PolicyLayer and add a rule for update_notebook: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches NotebookLM MCP Structured. Nothing to install.
update_notebook is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the update_notebook rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for update_notebook. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
update_notebook is provided by the NotebookLM MCP Structured MCP server (paolodalprato/notebooklm-mcp-structured). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 15 NotebookLM MCP Structured tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
15 NotebookLM MCP Structured tools catalogued and risk-classified — across an index of 42,500+ MCP servers.