Suno Claw

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Suno/kie.ai music-generation skill whose main risks are expected privacy tradeoffs from sending creative content to an API and keeping local preference memory.

Install only if you are comfortable sending music prompts, lyrics, titles, and style tags to kie.ai and keeping liked generations in local memory files. Use a dedicated API key, leave CALLBACK_URL empty unless you control the endpoint, avoid sensitive unpublished material, and delete memory/history.json or memory/patterns.log when you do not want preferences retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (14)

Context-Inappropriate Capability

Medium

Confidence: 87% confidence
Finding: The skill reads persistent preference data from memory/patterns.log without any clear consent, minimization, or access controls. Even if intended for personalization, silent reuse of prior user data can expose sensitive preferences across sessions and create unintended data retention risks.

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The workflow explicitly stores user ideas, generated lyrics, feedback, audio URLs, and derived preference patterns in history.json and patterns.log for later reuse, but the document does not establish retention limits, consent, minimization, or a narrowly justified need for long-term memory. That creates a real privacy and data-governance risk because user-provided creative prompts and preference profiles can be sensitive and persist beyond the immediate session.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The architecture explicitly stores complete interaction snapshots in `history.json` and long-term memory summaries in `patterns.log`, but it does not describe user notice, consent, retention controls, minimization, or access restrictions. In a creative workflow, prompts and feedback can contain personal data, preferences, or sensitive text, so silent persistence increases privacy and compliance risk.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The design sends prompts and generated content through the external `kie.ai` API, but the document does not mention third-party data transfer or any warning to users. Because lyrics, style instructions, and feedback may include personal or proprietary information, undisclosed transmission to an external service creates privacy and trust risks.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The README explicitly describes persistent storage of interaction history and long-term preference patterns, but it does not provide a clear privacy notice, retention policy, consent mechanism, or guidance on handling potentially sensitive user input. In a music-generation skill, prompts may contain personal tastes, emotions, or other sensitive creative data, so silent retention increases privacy and compliance risk.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly stores detailed user ideas, ratings, comments, generated lyrics metadata, and preference patterns in persistent files, but it does not describe notice, consent, retention limits beyond file-size management, or deletion/access controls. This creates privacy risk because sensitive preference profiles and creative history can accumulate indefinitely in `patterns.log`, be reused in later prompts, and potentially be exposed or misused if the environment is shared or compromised.

Missing User Warnings

Low

Confidence: 90% confidence
Finding: The prompt instructs the agent to perform parallel web searches using user-provided creative input, but it does not require any notice, consent, or minimization around sending that input to external services. If users include personal or sensitive information in their idea, that data could be transmitted to third-party search providers unexpectedly, creating a privacy and compliance risk.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill performs web search and reads stored preference data without any user-facing notice that prompt content may leave the local context or be combined with prior history. This can surprise users and cause unintentional disclosure of creative ideas, preferences, or other sensitive content.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill stores liked prompts, user ideas, generated prompts, audio URLs, and derived tags in history files without explicitly warning the user first. Persistent storage of raw natural-language inputs and metadata can reveal personal preferences, creative concepts, or identifying patterns over time.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The persistence flow records user creative input, lyrics, feedback, and inferred preference signals without any stated privacy notice, consent mechanism, retention period, or access control guidance. This is dangerous because the stored material can reveal personal tastes, emotions, or identifiable creative work, and users are given no indication that their data becomes long-lived profile memory.

Ssd 3

Medium

Confidence: 92% confidence
Finding: The skill explicitly retains interaction history and long-term preference patterns, including lyrics, style preferences, and generation records, for reuse in future tasks. This creates a real privacy and data leakage risk because user-provided creative content may be persisted beyond the original session and later surfaced to other prompts, operators, or compromised components.

Ssd 3

Medium

Confidence: 89% confidence
Finding: The archive step instructs the system to save user preferences after positive feedback, which semantically authorizes persistence of user-provided data for future reuse. In context, this increases the chance of unauthorized retention of personal or proprietary creative preferences, especially because the broader skill design includes a long-term memory store.

Ssd 3

Medium

Confidence: 94% confidence
Finding: The design persists unfiltered user_idea, suno_prompt, audio_url, and derived tags into history and patterns logs for later reuse. This creates a durable corpus of user-provided natural-language content that could contain personal data, confidential ideas, or sensitive themes, and later prompt reuse amplifies the privacy risk.

Ssd 3

Medium

Confidence: 94% confidence
Finding: The workflow mandates persistent storage and later reuse of original user inputs, generated lyrics, feedback, and preference patterns in natural-language files, creating a durable user profile. This is a genuine security/privacy issue because such unstructured memory stores are easy to over-collect, hard to sanitize, and may leak sensitive user-derived content or enable unintended profiling across sessions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal