Suno Music
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: suno-music
Version: 1.0.0
The skill bundle is classified as suspicious due to potential vulnerabilities in the `scripts/suno.sh` file. The script allows the `BASE` URL for API calls to be controlled by the `SUNO_API_URL` environment variable, which could lead to Server-Side Request Forgery (SSRF) if an attacker can manipulate this variable (e.g., via prompt injection against the agent). Additionally, the `cmd_download` function in `suno.sh` takes a `--url` argument directly from input and uses `curl -sfL "$url" -o "$out"` to download content from an arbitrary URL. While the script itself does not execute the downloaded content, this could be exploited to download malicious files to the agent's host if an attacker can control the `--url` argument, potentially leading to further compromise through the agent's file handling or user interaction. The `SKILL.md` itself is benign and does not contain prompt injection attempts, but the script's capabilities present exploitable risks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Code or users with access to the server or `.env` could use the Suno account session, generate songs, and spend credits.
This asks the user to extract and store a browser session cookie, plus an optional captcha-service key, so the backend can act as the authenticated Suno account; the supplied metadata declares no primary credential or env vars.
Create `.env` with your Suno cookie and optional 2Captcha key ... Copy the Cookie header value → update `.env` → restart server
Use a dedicated Suno account/session if possible, protect and rotate the cookie, do not paste unrelated cookies, and require the skill metadata to declare these credentials clearly.
Unreviewed or changed upstream code could run locally and process sensitive account credentials.
The core backend is third-party code outside the reviewed package, installed from an unpinned repository and npm dependency tree, and it is expected to handle the user's Suno cookie.
git clone https://github.com/gcui-art/suno-api && cd suno-api && npm install && npm run build
Pin the backend to a reviewed commit, audit its dependencies, prefer container isolation, and avoid giving it account cookies until the exact code being run is trusted.
A normal generation request may spend credits and add content to the user's Suno library.
Generating music is the skill's purpose, but it has account side effects: it consumes credits and creates songs in the user's Suno account.
Each generation uses credits (~10 per song pair) ... Songs appear in the user's Suno library/playlists
Confirm with the user before generating if credit usage, account history, or library entries matter.
Private lyrics or personal prompts could be shared with the configured backend and, through it, Suno.
Prompts, lyrics, styles, and titles are sent to the configured Suno API endpoint; it defaults to localhost, but `SUNO_API_URL` can route that data to another server.
BASE="${SUNO_API_URL:-http://localhost:3100}" ... curl -sf -X POST "$BASE/api/generate"
Keep `SUNO_API_URL` pointed at a trusted local server unless you intentionally trust a remote endpoint, and avoid including sensitive personal information in prompts.
The Suno API server may continue running and remain able to use the stored Suno cookie.
The documentation suggests optional OS-level persistence for the backend service; it is disclosed and user-directed, but it can keep a cookie-backed server running after the task ends.
Start server: `PORT=3100 npm start` (or create a LaunchAgent/systemd service)
Only create a persistent service if needed, bind it to localhost, monitor it, and stop or disable it when not in use.
