Udio
v1.0.0Generate AI music with Udio via API wrappers or browser automation, with prompt engineering and song extensions.
⭐ 0· 354·0 current·0 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the contents: the skill focuses on generating music via either API wrappers or browser automation. Requesting a Udio session token (sb-api-auth-token exposed as UDIO_AUTH_TOKEN) and recommending python3 (because the skill shows Python wrapper usage) are reasonable for this purpose. The skill documents community wrappers and links to GitHub/NPM repositories rather than requesting unrelated cloud credentials or OS-level access.
Instruction Scope
The runtime instructions explicitly walk the agent through extracting the sb-api-auth-token from the user's browser cookies (DevTools/console) and using it for API wrapper calls, plus creating a ~/udio/ memory and project directory. These actions are within the music-generation scope, but extracting/providing a session cookie is sensitive — the instructions repeatedly state not to store token values in plain text and to only record the token location (keychain/env).
Install Mechanism
This is instruction-only (no install spec). The skill suggests installing community wrappers via pip/npm and links to GitHub repos and NPM package names; those are standard package sources (git/github/npm), not arbitrary downloads. No automatic or embedded installers are included in the skill itself.
Credentials
The only required environment credential is UDIO_AUTH_TOKEN (declared as primaryEnv). That is proportionate for driving an internal/non-public API. It is nonetheless a full session credential (a cookie) and grants account-level access to udio.com, so treating it as sensitive is important; the skill advises storing the token in a keychain or env var and not in memory files.
Persistence & Privilege
The skill does create and use a local memory directory (~/udio/) for preferences, prompts, and downloaded songs, and it explicitly warns not to save token values in plain text. always is false and the skill does not request system-wide or cross-skill configuration changes. Note: since the agent may invoke the skill autonomously, providing a valid UDIO_AUTH_TOKEN would allow the skill to act with that token (normal but worth considering).
Assessment
This skill is internally consistent with its purpose, but it requires your Udio session cookie (sb-api-auth-token) to use the undocumented/internal API. That token effectively grants account access, so only provide it if you understand and accept the risk. Follow the skill's advice: store the token securely (OS keychain or an environment variable), do not paste the token into chat or memory files, and inspect the community wrapper repos (github.com/flowese/UdioWrapper and josephgodwinkimani/udio-wrapper) before installing. If you later want to revoke access, log out of udio.com or re-authenticate (which will invalidate the cookie). Finally, be aware this uses community-maintained wrappers and browser automation (not an official public API), so review terms of service and the wrapper code before use.Like a lobster shell, security has layers — review code before you run it.
latestvk97fpkg7ghqevq816tx0jwqv1n81xnk3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎵 Clawdis
OSLinux · macOS · Windows
Binspython3
EnvUDIO_AUTH_TOKEN
Primary envUDIO_AUTH_TOKEN