Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ACE-Step Music Generation
v1.0.0
Generate high-quality music on Apple Silicon Macs using ACE-Step 1.5 with MLX backend, supporting custom prompts, durations, and output formats.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description describe local ACE‑Step music generation on Apple Silicon and included files implement that (install scripts, generation scripts, local HTTP API, senders). However, registry metadata said 'instruction-only' while the bundle contains many code files — mismatch. There are also inconsistent repository/model names across SKILL.md, deploy scripts and capsule.json (e.g., ACE-Step-1.5 vs ACE-Step vs Ace-Step1.5 and a curl to evomap.ai in capsule.json). These inconsistencies may be sloppy packaging or indicate the source/origin is unclear; they should be verified.
Instruction Scope
Runtime code and scripts construct shell commands and Python -c snippets embedding user-provided prompts and other parameters without sanitization (ace_step_agent_server.py builds a shell command with the prompt inserted; ace-step-agent.sh / ace_step_skill.py write Python code with prompt strings). The HTTP API server exposes a local endpoint for other agents to POST prompts; because prompts are interpolated into shell/python commands and executed via shell=True, specially crafted prompts could break out and lead to command injection on the host. Several scripts also use hard-coded absolute paths and a hard-coded Feishu target identifier (FEISHU_CHAT). The SKILL.md itself includes steps to collect system info which is reasonable, but the concrete code does more (creates servers, writes files, runs subprocesses) — review required.
Install Mechanism
There is no formal install spec in the registry (marked instruction-only), yet the bundle includes multiple install/deploy scripts that clone repos and download model weights from GitHub/HuggingFace. The download URLs are mostly to known hosts (github.com and huggingface.co), which is expected, but capsule.json references a curl piped to bash from evomap.ai (a third-party host), which is inconsistent with other files and increases risk if used. Some script details (repo names and paths) are inconsistent with SKILL.md; verify official upstream sources before running automated installers.
Credentials
The skill declares no required env vars or credentials which matches most files. Optional/auxiliary scripts reference platform-specific tools (openclaw CLI) and show examples for TELEGRAM_BOT_TOKEN / DISCORD_WEBHOOK etc. There is a hard-coded FEISHU_CHAT user id in feishu_music_sender.py and example tokens in SEND_GUIDE.md — these are placeholders but should be removed or validated. No secrets are required by the skill bundle itself, which is proportionate, but the presence of example/placeholder tokens and hard-coded targets is a privacy/operational concern.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills' configurations. It includes an optional local HTTP server and several install scripts which, if run, persist files on disk and may run services, but nothing in the manifest forces persistent installation or automatic autorun. Starting the included server is manual per docs.
What to consider before installing
Before installing or running anything from this skill:
1) Do NOT run install scripts or curl|bash commands blindly. Verify the upstream repositories (the SKILL.md and scripts reference different repo names/URLs). Prefer cloning from the official project pages you trust.
2) Inspect and/or run scripts in a locked-down environment first (VM or throwaway Mac user account). Several scripts create an HTTP server (localhost:8765) and run shell/python code — test in isolation.
3) Be cautious with the local HTTP API: it interpolates prompt text directly into shell/python commands. If you will start the API, consider restricting access (bind to localhost only), and sanitize or avoid interpolating untrusted input to prevent command injection.
4) Remove or check hard-coded identifiers and placeholders (e.g., FEISHU_CHAT target, example tokens) so the package cannot accidentally send notifications to an unintended recipient.
5) If you need automated installation, prefer to run commands step-by-step and inspect downloaded model URLs; avoid third-party curl|bash endpoints (capsule.json suggests evomap.ai) unless you can verify them.
6) If you want to use this skill inside OpenClaw, consider converting the server/CLI usage into a safer wrapper that passes prompts as structured inputs (not string-injected commands) or invokes the ACE‑Step API directly from Python code with arguments rather than composing shell/python -c strings.
If you want, I can point to the exact lines that perform shell interpolation and provide a suggested safer code pattern to replace them.
Like a lobster shell, security has layers — review code before you run it.
Tags: ai, apple-silicon, latest, mlx, music
