ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI Songwriter

三道工序 AI 写歌。用户只需给主题,全自动跑完白描起草→注入灵魂金句→完美押韵排版→Suno生成,最终直接返回试听链接。中间不停顿、不等用户确认。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 154 · 1 current installs · 1 all-time installs
by@jason-hou-pe
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (AI songwriter using Suno) aligns with the included script which calls api.kie.ai/Suno. However the registry metadata claims no required env vars while both SKILL.md and scripts/generate_suno.js require KIE_API_KEY (or SUNO_API_KEY). That mismatch is an incoherence between declared requirements and actual capability.
!
Instruction Scope
SKILL.md mandates fully autonomous execution (no user confirmation), spawning multiple subagents (sessions_spawn), writing lyrics to /tmp/suno_lyrics.txt and invoking a local Node script that sends the lyrics to api.kie.ai. Passing the entire lyrics as a command-line argument leaks the text to the system process list; using /tmp (world-readable) also exposes data. Spawning subagents can send conversation/context off to other models/agents. These behaviors are beyond a simple 'draft-helper' UX and increase privacy/exfiltration risk.
Install Mechanism
No install spec (instruction-only plus an included Node script). Low installation risk: nothing is downloaded from external URLs during install.
!
Credentials
The script and SKILL.md require an API key (KIE_API_KEY or SUNO_API_KEY) to contact api.kie.ai, which is proportionate to the stated purpose. However the registry metadata lists no required environment variables — this omission is an inconsistency that could mislead users into installing without providing the API key. The skill accepts either KIE_API_KEY or SUNO_API_KEY; that is reasonable but should be declared explicitly in metadata.
Persistence & Privilege
always:false and no system-wide config modifications. The skill does spawn subagents and runs a local Node script at runtime, but it does not request persistent elevated privileges or change other skills' configurations.
What to consider before installing
Before installing, be aware: (1) Despite registry metadata, this skill requires an API key (KIE_API_KEY or SUNO_API_KEY) and will send your lyrics/conversation to api.kie.ai — only proceed if you trust that service. (2) The skill is explicitly designed to run end-to-end without asking the user for approval; if you want manual review before generation, do not use it as-is. (3) The runtime writes lyrics to /tmp and passes them as a command-line argument to the Node script—this can expose content to other local users/processes and the system process list. (4) Confirm the intended callback URL (script currently uses a placeholder https://example.com/callback) and ask the publisher to clarify whether that will be changed. (5) Ask the publisher to update the registry metadata to declare required env vars, provide a homepage/source repo, and (ideally) modify invocation to avoid passing secrets/plaintext via command-line and to require explicit user confirmation. If you proceed, restrict the API key's permissions, use a throwaway key for testing, and rotate it after evaluation.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.1.0
Download zip
latestvk97b97kst36njw9evqs6s9xaxh82tfdk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

AI Songwriter(三道工序一条龙)

这是一个让 AI 像人类作词人一样,经过三道工序打磨歌词,并全自动调用 Suno V5 生成歌曲的完整流水线。

使用前准备

必须在系统环境变量中设置 KIE_API_KEY:

export KIE_API_KEY="你的_kie.ai_API_Key"

⚠️ 铁律:全自动流水线

用户给一个主题后,你必须全自动跑完以下4步,中间绝不停下来等用户确认。 遇到需要调用大模型的步骤,直接使用你当前默认的模型,不需要强制指定 model: opus,除非用户特别要求。 唯一允许的中间输出:在Step 1启动后告诉用户"正在创作,大约需要2-3分钟,写完直接把歌端上来"。 绝对不要问:“这版词可以吗?”“要不要调整?”

Step 1:白描起草

启动一个 subagent(sessions_spawn): Prompt:

你是顶级作词人。根据主题"[用户主题]"写一首中文流行歌的初稿。 规则:绝对白描(具体微距场景:冷掉的咖啡、雨打车窗、流浪猫的碗)。 禁用宏大词汇(星辰、迷途、维度、归途、浩瀚、梦想)。 只专注画面和叙事,不用管押韵和结构。

Step 2:注入灵魂 + 金句

拿到 Step 1 的输出后立刻启动下一个 subagent: Prompt:

拿到这份歌词初稿:[Step 1 输出] 你的任务:注入深层情感和灵魂。

  1. 提炼或创造一句刺穿心脏的"金句"(金句),作为全曲的情感钩子
  2. 重新编排歌词,让金句在副歌重复至少两次
  3. 确保情绪有层次(克制→积蓄→爆发→回落)

Step 3:完美押韵 + Suno 排版

拿到 Step 2 的输出后立刻启动下一个 subagent: Prompt:

拿到这份带金句的歌词:[Step 2 输出]

  1. 死磕完美押韵(押韵),确保全曲锁定一个主韵脚家族
  2. 嵌入 Suno 导演标签到歌词结构中(例:[Intro: Melancholy Piano], [Verse 1: Soft breathy vocal], [Chorus: Explosive drums, belting])
  3. 提供 Suno Style Tags(115字符以内)

输出格式必须严格如下: [SUNO_STYLE_TAGS] <逗号分隔标签,115字符内>

[FULL_LYRICS_WITH_METATAGS] <完整歌词脚本>

Step 4:Suno 生成(自动脚本,不等用户)

拿到 Step 3 的输出后立刻执行:

  1. 从输出中提取 [SUNO_STYLE_TAGS][FULL_LYRICS_WITH_METATAGS]
  2. 将歌词写入临时文件:/tmp/suno_lyrics.txt
  3. 调用生成脚本:
node {baseDir}/scripts/generate_suno.js "歌名" "$(cat /tmp/suno_lyrics.txt)" "STYLE_TAGS"
  1. 脚本会轮询等待。拿到音频URL后,一次性交付给用户:歌词全文 + 试听链接。

最终交付模板

🎵 《歌名》生成完毕!

🎧 试听:
👉 版本A:[URL]
👉 版本B:[URL](如果有的话)

📝 歌词:
[去除了元标签的干净歌词]

💡 金句:[核心金句]

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…