Skill v1.0.6
VirusTotal security
revol-suno-headless-skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:10 AM
- Hash: fc6fa49493b3200436d98df4722254b0765fc3af276cb019ef675ae9c093864d
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: suno-headless-skill
  - Version: 1.0.6
  - The skill is classified as suspicious due to several risky practices and vulnerabilities, despite its stated purpose appearing benign. Key indicators include:
    1. The `suno_login.py` script passes Gmail credentials directly as command-line arguments, which are visible in process lists (`ps aux`), posing a credential exposure vulnerability.
    2. The `patch_hcaptcha.py` script directly modifies the source code of a third-party Python library (`hcaptcha-challenger`), which is an unconventional and fragile practice that can compromise system integrity and stability.
    3. The use of `sudo` for installing system dependencies and the `--no-sandbox` flag for Chrome in `suno_create_song.py` and `suno_login.py` introduce elevated privileges and reduced browser security, respectively.
  - While these actions are intended to enable the skill's functionality (automating Suno AI on a headless server), they represent significant security risks without clear malicious intent.
