Skill v1.1.0

ClawScan security

SunoMaker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 26, 2026, 9:00 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely does what its name says (headless Suno automation) but includes multiple incoherent or risky elements (undeclared Gemini API key requirement, encouragement to import/export Google cookies or supply Gmail passwords, and a script that patches an installed hcaptcha library), so proceed with caution.
Guidance
This skill mostly does what it promises (automating Suno via Playwright), but it asks you to handle highly sensitive authentication material and to run a source-patching script. Key things to consider before installing or running:

- Do not give your Gmail password to third-party scripts unless you fully trust and audit them; prefer OAuth flows and official APIs. The skill offers cookie import and direct Gmail password login; both expose full account access risk.
- The skill asks you to export browser cookies (and the export script can save full cookies). Those cookies can include Google authentication tokens. Treat exported cookie files as extremely sensitive; do not reuse them for other purposes.
- The SKILL.md/metadata do not declare the GEMINI_API_KEY environment variable even though the scripts require it for hCaptcha solving. This is a sensitive credential (access to Google AI) you must supply explicitly. The mismatch between metadata and instructions is an incoherence.
- patch_hcaptcha.py edits an installed third-party package (hcaptcha-challenger) in-place. Modifying site-packages is high-risk: it can introduce persistent behavior, disable future updates, or create a covert backdoor. Only run this in an isolated environment (throwaway VM or container) and inspect the target file first.
- If you still want to try it: run everything in an isolated VM or disposable container, use an account specifically created for this testing (not your primary Google account), and review the patched file contents before and after. Prefer the cookie 'slim' export limited to suno.com if you must use cookies. Consider contacting Suno for official automation/API options instead of bypassing captchas/security checks.
Confidence: medium — the code shows clear risky behaviors and metadata/instruction mismatches but does not contain obvious network exfiltration to unknown hosts; additional runtime inspection (full suno_login.py/suno_create_song.py logic) could raise or lower risk assessment.

Review Dimensions

Purpose & Capability
Note: Required binaries (google-chrome, Xvfb) and Playwright-based automation match the stated headless browser automation goal. However, the runtime also requires a Gemini API key for automated hCaptcha solving (sensitive credential) which is not declared in the skill metadata/requirements, and the skill includes code to edit a third-party library to bypass domain checks; this is heavier access than a simple 'song creator' would normally need.
Instruction Scope
Concern: SKILL.md and scripts instruct the user to export full browser cookies from a local browser, scp them to the server, or to provide Gmail email+password for login; both actions involve handling highly sensitive authentication material. The docs explicitly recommend cookie import to 'bypass Google security checks' and include a step (patch_hcaptcha.py) that edits an installed package's source code; scope and data handling exceed what a benign music-generation helper normally needs.
Install Mechanism
Concern: There is no formal install spec, but the scripts auto-run pip/playwright installs and include patch_hcaptcha.py, which performs in-place edits to an installed package's file. Modifying site-packages at runtime is high risk (it can introduce persistent tampering, break other software, and evade easy inspection). The skill also suggests apt installs and running playwright install, which is normal for Playwright but, combined with source patching, raises risk.
Credentials
Concern: Declared metadata lists no required env vars, yet the runtime explicitly requires a GEMINI_API_KEY (sensitive) for automatic hCaptcha solving and also relies on cookie files or user Gmail credentials. This mismatch (undeclared sensitive env var plus optional direct credentials/cookie import) is disproportionate and confusing. The cookie export guidance may capture Google auth cookies (broad access) and is not limited to least privilege.
Persistence & Privilege
Concern: The skill writes persistent browser profiles (~/.suno/...), saves cookies, and includes a script that overwrites code in hcaptcha-challenger's installed files (system-wide modification). While 'always' is false, the ability to modify third-party package files and create persistent user-data directories increases blast radius and persistence beyond a normal ephemeral helper.