Suno
v1.0.0Generate AI music with Suno via API or browser, with prompt engineering and song extensions.
⭐ 0· 665·4 current·4 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (generate music via Suno using API or browser) match the instructions: the skill documents programmatic use of third‑party APIs (aimusicapi.ai, evolink.ai), browser automation for suno.com, and local project memory at ~/suno/. However the SKILL.md also contains a contradictory statement — "All data stays on your machine. The skill itself makes no external requests." — while many sections explicitly describe posting prompts and lyrics to remote endpoints. That contradiction undermines trust in the documentation.
Instruction Scope
Runtime instructions are extensive and concrete (API request/poll flows, browser automation actions, where to create ~/suno/ and what to store). Most actions are within the stated purpose, but the file simultaneously claims no external requests will be made while instructing the agent how to call external APIs and the suno.com site. The browser automation steps include simulated clicks and downloads which require an agent browser capability and an interactive login — those are expected but worth noting.
Install Mechanism
Instruction-only skill with no install spec and no code files. This is low-risk from an install/remote-download perspective because nothing is written or executed by an installer.
Credentials
The skill does not require any environment variables at install time, which is proportionate. The docs show optional usage of AIMUSICAPI_KEY and EVOLINK_API_KEY when using the hosted APIs; requiring API keys only when using those modes is reasonable. The mismatch is that SKILL.md claims API keys aren't transmitted/that no external requests occur — which conflicts with the API examples that explicitly use env vars for authentication.
Persistence & Privilege
The skill creates a local directory (~/suno/) and stores non-sensitive preferences/prompts there; it does not declare always:true or any elevated platform privileges. Local persistence is scoped to its own folder and is proportional to its stated function.
What to consider before installing
This skill appears to be what it says (guides prompt engineering, can use third‑party APIs, and can automate the suno.com UI), but there is an important documentation inconsistency: SKILL.md asserts "the skill itself makes no external requests" while multiple sections show API flows (aimusicapi.ai, evolink.ai) and browser automation that will contact external endpoints. Before installing or using:
- Treat API usage as optional: the skill will only contact remote services if you choose the API mode or let it drive a browser session. If you don't want external network calls, stick to prompt/lyrics guidance without invoking API/browser operations.
- Verify you trust the third‑party services (aimusicapi.ai, evolink.ai) before giving API keys. Use environment variables (system keychain) rather than writing keys to files.
- Expect browser automation to simulate clicks and require you to log in interactively; do not allow automation to reuse credentials or session tokens unless you understand the behavior.
- Ask the author to clarify the contradictory statement about "no external requests"; if that was a documentation error, the skill is likely benign but sloppy. If they intended the skill to never call external endpoints, verify how the agent enforces that.
What would change this assessment: an author clarification/corrected SKILL.md removing the contradictory claim (increasing confidence toward benign), or conversely any hidden code or install scripts that download/execute remote binaries (would raise severity).Like a lobster shell, security has layers — review code before you run it.
latestvk9784pyhzeped7e282s612h7rs81xe86
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎵 Clawdis
OSLinux · macOS · Windows