StepAce Experimental

v0.0.2

Generate AI music on your Android phone via the StepAce Experimental app. Use this skill whenever the user asks to generate, create, make, compose, or queue...

⭐ 0· 84·0 current·0 all-time

by@ckadirt

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ckadirt/stepace-experimental.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "StepAce Experimental" (ckadirt/stepace-experimental) from ClawHub.
Skill page: https://clawhub.ai/ckadirt/stepace-experimental
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: STEPACE_TOKEN
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install stepace-experimental

ClawHub CLI

Package manager switcher

npx clawhub@latest install stepace-experimental

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

Name/description match the required capability (music generation on an Android app). Requested credential (STEPACE_TOKEN) is appropriate for pairing. However, the runtime endpoint used (a personal/worker.dev domain) does not match the declared homepage (cronicaia.com) or an obvious official StepAce API, which is incongruent with expectations.

Instruction Scope

SKILL.md instructs the agent to POST the pairing token and generation payload to an external bridge URL. Examples include 'source /home/deploy/.stepace-env' (an odd hard-coded local path) and a recommendation to prefer curl over normal HTTP clients—both of which are unexpected and could encourage running local commands or sourcing files that may contain secrets. The instructions do not require reading other unrelated system files, but the examples/reference paths and strong transport preferences are suspicious.

✓

Install Mechanism

No install spec and no code files — instruction-only. This minimizes disk-level risk because nothing will be written/executed by an installer. The primary runtime action is an outbound HTTP POST.

ℹ

Credentials

Only a single env var (STEPACE_TOKEN) is required, which is proportional for a pairing token. However, because the skill sends that token to an unexpected third-party worker.dev endpoint (not the homepage domain), the token could be transmitted to an untrusted service — increasing exfiltration risk despite the small number of credentials requested.

✓

Persistence & Privilege

Skill is not always-enabled and uses normal autonomous invocation defaults. It does not request persistent system-level privileges or modify other skills' configs. Nothing in the metadata requests elevated or permanent platform-wide privileges.

What to consider before installing

Before installing or setting STEPACE_TOKEN, verify the bridge endpoint and publisher: 1) Confirm that https://cronicaia.com (the declared homepage) documents this exact bridge URL or otherwise references the Cloudflare worker domain; if not, treat the worker endpoint as untrusted. 2) Ask the skill author or vendor for an official API endpoint and source code or a privacy/security statement explaining why a worker.dev URL is used. 3) Avoid pasting your real pairing token into public chats; consider creating a disposable/test token if the app supports it. 4) Do not run example commands (like sourcing /home/deploy/.stepace-env) that reference files you don't recognize. 5) If you proceed, monitor network and app behavior and revoke/regenerate the token from the phone app if anything looks unexpected. If the vendor cannot justify the third-party worker endpoint or provenance, do not provide sensitive credentials.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎵 Clawdis

EnvSTEPACE_TOKEN

latestvk97crkt57sc9nnzbjxs2sq67s5840tsq

84downloads

0stars

2versions

Updated 3w ago

v0.0.2

MIT-0

StepAce Experimental — AI Music Generation

Queue or schedule AI-generated songs directly to your Android phone through the StepAce Experimental app.

🚀 Setup (first time only)

Before using this skill, you need to connect it to your StepAce Experimental app:

Open the StepAce Experimental app on your Android phone
Go to Settings (bottom tab)
Tap OpenClaw Bridge
Tap Connect — the app generates a unique pairing token
Copy the pairing token shown on screen
Tell your agent:

"Set my StepAce token to <paste token here>"

Your agent saves it as STEPACE_TOKEN. You only need to do this once — unless you regenerate your token in the app.

Token management

"Set my StepAce token to XYZ" → save as STEPACE_TOKEN
"Reset my token" → remind user: StepAce Experimental app → Settings → OpenClaw Bridge → Connect → paste new token
"What's my token?" → confirm it's set, show only first 4 + last 4 chars (e.g. T2L_****IP0)
If STEPACE_TOKEN is not set when the user asks to generate music → walk them through setup before proceeding

Generation types

Immediate — `enqueue_generation`

Queues a song to generate right now on the phone. Use this by default.

Scheduled — `schedule_generation`

Queues a song to generate at a specific future time. Use this when the user gives a time or date ("tonight at 2am", "schedule for tomorrow morning", etc.). Requires scheduledAt as a Unix timestamp in milliseconds.

Parameters exposed to the user

Only caption is required. All others are optional — omit them entirely from the payload if not specified (do not send null or empty values).

Parameter	Type	Notes
`caption`	string	Required. Describe style, mood, genre, instruments. Be descriptive.
`lyrics`	string	Song lyrics. Ignored if `instrumental: true`.
`instrumental`	boolean	`true` = no vocals. If `true`, do NOT send `lyrics`. If user provides lyrics, set `false`.
`bpm`	integer	Tempo, 20–300. Infer from genre if confident (e.g. techno → 132, lo-fi → 85).
`duration`	integer	Length in seconds, 5–300. Defaults to ~30s if omitted.
`keyscale`	string	Key and scale, e.g. `"C minor"`, `"F# major"`, `"A dorian"`.
`timesignature`	string	`"4/4"` or `"3/4"` only.
`vocal_language`	string	BCP-47 tag for vocals. e.g. `"en"`, `"es"`, `"pt"`, `"fr"`, `"ja"`, `"ko"`. Only relevant when `instrumental: false`. Defaults to `"en"`.

Instrumental logic

User provides lyrics → instrumental: false, include lyrics
User says "no vocals" / "instrumental" / "beat" → instrumental: true, omit lyrics
User provides neither → omit both instrumental and lyrics (let the app decide)

API call

Endpoint: POST https://openclaw-bridge.torrico-villanueva-cesar-kadir.workers.dev/openclaw/queue Header: Content-Type: application/json

Preferred transport

Use curl from the shell as the default/preferred way to call the bridge. Do not prefer Python urllib/generic HTTP clients when curl is available, because the bridge/CDN may treat those clients differently and reject them even when the same payload works via curl.

Immediate generation

Preferred example using curl:

source /home/deploy/.stepace-env

curl -X POST \
  'https://openclaw-bridge.torrico-villanueva-cesar-kadir.workers.dev/openclaw/queue' \
  -H 'Content-Type: application/json' \
  --data '{
    "pairingToken": "'"$STEPACE_TOKEN"'",
    "type": "enqueue_generation",
    "payload": {
      "requestJson": {
        "caption": "cinematic synthwave with huge drums",
        "instrumental": true,
        "bpm": 120,
        "duration": 30
      }
    }
  }'

Equivalent JSON payload:

{
  "pairingToken": "{STEPACE_TOKEN}",
  "type": "enqueue_generation",
  "payload": {
    "requestJson": {
      "caption": "cinematic synthwave with huge drums",
      "instrumental": true,
      "bpm": 120,
      "duration": 30
    }
  }
}

Scheduled generation

Preferred example using curl:

source /home/deploy/.stepace-env

curl -X POST \
  'https://openclaw-bridge.torrico-villanueva-cesar-kadir.workers.dev/openclaw/queue' \
  -H 'Content-Type: application/json' \
  --data '{
    "pairingToken": "'"$STEPACE_TOKEN"'",
    "type": "schedule_generation",
    "payload": {
      "requestJson": {
        "caption": "dark techno with metallic percussion",
        "instrumental": true
      },
      "scheduledAt": 1775120400000
    }
  }'

Equivalent JSON payload:

{
  "pairingToken": "{STEPACE_TOKEN}",
  "type": "schedule_generation",
  "payload": {
    "requestJson": {
      "caption": "dark techno with metallic percussion",
      "instrumental": true
    },
    "scheduledAt": 1775120400000
  }
}

scheduledAt must be a Unix timestamp in milliseconds (13 digits). Convert from the user's stated time using their local timezone if known, otherwise ask.

With lyrics

{
  "pairingToken": "{STEPACE_TOKEN}",
  "type": "enqueue_generation",
  "payload": {
    "requestJson": {
      "caption": "fast energetic electronic anthem with punchy drums",
      "lyrics": "We light the night, we never slow, hearts on fire, we steal the show.",
      "vocal_language": "en",
      "instrumental": false,
      "duration": 30,
      "bpm": 160
    }
  }
}

Success response

{
  "jobRef": "ref_abc123...",
  "status": "queued",
  "type": "enqueue_generation"
}

Reply to the user with a message like:

🎵 Song queued on StepAce Experimental!
Caption: <caption>
📅 Scheduled for: <human-readable time>   ← only if scheduled
Settings: 160 BPM · C minor · 4/4 · 30s  ← only mention fields that were set
Job ref: ref_abc123...

Your phone will notify you when it's done 🎶

Error handling

Error	What to do
Missing / invalid `pairingToken`	Token may have expired. Ask user: StepAce Experimental app → Settings → OpenClaw Bridge → Connect to regenerate, then update the token.
Missing `caption`	Ask the user to describe the music they want.
Missing `scheduledAt` for `schedule_generation`	Ask the user for a specific date/time.
Network error	Tell the user the bridge couldn't be reached. Ask them to check their phone is online and the app has been opened at least once.

Natural language examples

"Make me a dark synth-wave track at 130 BPM" → enqueue_generation, instrumental: true, bpm: 130
"Generate a cumbia song with these lyrics: [...]" → enqueue_generation, instrumental: false, vocal_language: "es"
"Queue a lo-fi beat, 85 BPM, 60 seconds" → enqueue_generation, instrumental: true, bpm: 85, duration: 60
"Schedule a techno track for 2am tonight" → schedule_generation, resolve scheduledAt from current time + user's timezone
"Make a waltz in A minor" → timesignature: "3/4", keyscale: "A minor"
"Something chill in Spanish" → vocal_language: "es", infer a relaxed caption
"Song about the ocean, no lyrics, key of D minor, 45 seconds" → instrumental: true, keyscale: "D minor", duration: 45

Comments

Loading comments...