Suno
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Suno music-generation guide, but using its API or browser modes can involve third-party services, account credentials, and local saved creative preferences.
This skill appears safe to install if you are comfortable with Suno or the listed API providers receiving your prompts and lyrics when you use generation features. Keep API keys out of files and chat, confirm before actions that may use credits, and periodically review the local ~/suno/ folder if your creative work is sensitive.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you ask it to use the browser, it may operate your Suno account and use generation quota or credits.
The skill documents browser automation that can submit a music-generation action in a logged-in Suno session. This is central to the skill's purpose and is described as a user-directed workflow.
browser action=act request={"kind":"click","ref":"create-button"}Confirm the prompt, mode, and any cost or quota impact before letting the agent click Create or run API generation.
API keys or a logged-in browser session can create music through your account and may consume paid credits or service quota.
The skill may use third-party API credentials for music generation. This is purpose-aligned and disclosed, but users should treat those keys as account access.
API keys authenticate requests. Prompts and lyrics are sent for processing.
Use environment variables or a keychain, avoid pasting API keys into chat or files, and prefer keys with usage limits or easy revocation.
Your prompts, lyrics, and related creative content may be processed by Suno or third-party API providers.
The artifacts disclose external provider endpoints and what data is sent. This is expected for the skill, but it means creative content leaves the local machine when API or browser generation is used.
api.aimusicapi.ai | Prompts, lyrics | Music generation ... api.evolink.ai | Prompts, lyrics | Music generation ... suno.com | Browser session
Only use providers you trust, review their terms and privacy policies, and avoid sending sensitive or confidential lyrics/prompts.
Your creative preferences, prompts, project names, and possibly song URLs may remain on disk and be reused in later sessions.
The skill persists music preferences, successful prompts, and project details locally for reuse. The path is bounded and purpose-aligned.
This skill creates `~/suno/` on first use: - **memory file** — Preferences, successful prompts - **projects folder** — Per-project tracking
Review or delete ~/suno/ when needed, keep sensitive project details out of memory files, and do not store API keys there.
A user relying on the stale review file could underestimate that prompts or lyrics may be sent to third-party services.
This included review HTML appears stale or inconsistent with the current SKILL.md, which correctly discloses external API and browser endpoints. Because the primary instructions disclose the data flow, this is a note rather than a concern.
All data stays on your machine. The skill itself makes no external requests.
Rely on the current SKILL.md/setup/api docs for privacy expectations, or update/remove the stale review HTML wording.