ClawHub

Suno Music

Security checks across malware telemetry and agentic risk

Overview

This is a plausible Suno music skill, but it needs review because it asks users to run unpinned third-party code with a Suno session cookie and includes broad download/write behavior.

Install only if you are comfortable reviewing or pinning the upstream gcui-art/suno-api server before giving it a Suno cookie. Keep the server bound to localhost, avoid leaving it running persistently, use non-sensitive prompts, confirm credit-spending actions, and only download trusted Suno-generated audio to safe paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill invokes shell commands (`scripts/suno.sh`, `curl`, install/start steps) but declares no permissions, which hides its true execution capabilities from any policy or review layer. This matters because the skill can perform local command execution and network actions while appearing lower-risk than it is.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The documented behavior exceeds the declared purpose, especially by allowing download from an arbitrary user-supplied URL to a chosen local file path. That creates a meaningful SSRF/file-write primitive and can be abused to fetch untrusted content into sensitive locations, while the undeclared credit-check and other side actions reduce transparency and user consent.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The `download` subcommand accepts an arbitrary `--url` and fetches it with `curl -sfL`, which gives this skill a general-purpose remote download primitive unrelated to its stated music-generation purpose. In an agent context, this can be abused to retrieve attacker-chosen content, enable SSRF against internal services if reachable, or stage untrusted files on disk for later use by other tools.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Arbitrary remote file download is not justified by the manifest, which describes song generation, lyrics, and Suno integration rather than a general file retrieval capability. That mismatch increases risk because it expands the skill's power beyond user expectations and can be leveraged to pull down malicious or sensitive content under the guise of a music tool.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill does not clearly warn users that prompts and generated songs are sent to an external/self-hosted Suno API and may appear in the user's Suno account/library. This can expose private prompts, lyrics, or sensitive themes to third-party processing/storage without informed consent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The download path writes remote content directly to disk, either at a caller-supplied `--out` path or an auto-generated file in `/tmp`, without any confirmation or warning about the side effect. In an agent environment, silent file creation can be abused to plant unexpected files, overwrite user-chosen locations if permissions allow, or create artifacts later consumed by other processes.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal