← Back to Skills Marketplace
jasonzhang-zzx

Suno Claw

by jasonzhang-zzx · GitHub ↗ · v1.0.6 · MIT-0
cross-platform ⚠ suspicious
138
Downloads
0
Stars
0
Active Installs
6
Versions
Install in OpenClaw
/install suno-claw
Description
基于 Suno AI 的多轮迭代创作流程,生成符合 Suno 标准的高质量带歌词或纯音乐作品。
Usage Guidance
This skill is largely what it says (a Suno/kie.ai music-generation workflow), but take the following precautions before installing: - Expect to provide a KIEAI_API_KEY: SKILL.md and the scripts require this env var, but the registry metadata omitted it. Confirm the platform will supply this secret and that the developer updates the manifest. - Do not set CALLBACK_URL to an unknown third-party endpoint. If you want callbacks, use an internal/trusted endpoint or leave CALLBACK_URL empty (the scripts default to polling rather than sending callbacks). - Ensure your OpenClaw environment provides Python and the requests library (the included scripts call requests) or run the scripts in a sandboxed environment. - Be aware the skill stores user-generated lyrics and preference signals locally at suno-claw/memory/ (history.json and patterns.log). If you want to remove stored data, delete that directory. - The docs contain minor inconsistencies (e.g., generator.md mentions a default example callback URL, while the script only sends a callback if CALLBACK_URL is non-empty). Ask the author to clarify and to update the registry metadata to list required env vars and any runtime dependencies before you proceed. If you need to be extra cautious, review the included Python scripts (they are short and call only the advertised kie.ai endpoints) and test the skill in an isolated environment first.
Capability Analysis
Type: OpenClaw Skill Name: suno-claw Version: 1.0.6 The suno-claw skill bundle implements a multi-agent workflow for music generation via the Suno AI (kie.ai API). While the code appears to be a legitimate tool, it is classified as suspicious due to the presence of high-risk capabilities and potential vulnerabilities. Specifically, the orchestrator (executor-main.md) instructs the AI agent to execute shell commands (e.g., `python scripts/suno_generate.py`) using strings generated by sub-agents without sufficient sanitization for shell metacharacters, creating a risk of shell injection (RCE). Additionally, the skill requires external network access to api.kie.ai and performs local file writes to maintain a memory system (history.json, patterns.log), which are considered risky capabilities under the evaluation criteria even when aligned with the stated purpose.
Capability Tags
crypto
Capability Assessment
Purpose & Capability
The code and SKILL.md match the described Suno/kie.ai music-generation purpose: scripts call https://api.kie.ai and the prompts/scripts implement the multi-agent workflow. However the registry metadata lists no required environment variables while SKILL.md and the scripts require KIEAI_API_KEY — this mismatch is a packaging/documentation problem and could hide surprises during runtime.
Instruction Scope
Runtime instructions are narrowly scoped to collecting creative input, running child agents, packaging prompts, calling the kie.ai API, and storing local memory files. The only external network calls are to the documented API. Two points to note: (1) the skill supports an optional CALLBACK_URL which, if set to an external third-party, could cause generated content or notifications to be sent outside your environment (the docs warn about this); (2) prompts reference using web_search / sessions_spawn — these rely on other platform capabilities (browser/web access or subagent runtimes) not bundled here.
Install Mechanism
No install spec or remote download is present; this is an instruction-and-scripts-only skill. The code files are included in the skill bundle (Python scripts) and there are no opaque external installers or downloads in the manifest.
Credentials
The only credential the skill needs at runtime is the kie.ai API key (KIEAI_API_KEY), which is appropriate for the declared functionality. But the skill bundle/registry did not declare this required env var in metadata (registry shows none), creating an incoherence and an operational surprise. CALLBACK_URL is optional but can direct callbacks to arbitrary endpoints — set only to internal/trusted endpoints or leave unset. No other unrelated secrets are requested.
Persistence & Privilege
The skill writes and reads memory files under its own directory (memory/history.json and memory/patterns.log) and documents retention/rotation rules. It does not request always:true or system-wide configuration changes and does not modify other skills' configs. This level of persistence is expected for a personalization workflow.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install suno-claw
  3. After installation, invoke the skill by name or use /suno-claw
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.6
修复:移除 VERIFY_SSL 环境变量,强制 SSL 验证;完善文档和来源信息
v1.0.4
suno-claw v1.0.4 - 移除环境变量 VERIFY_SSL,所有 SSL 检查设定移除,简化环境配置。 - 文档(SKILL.md、generator.md)已调整,相关说明删除 VERIFY_SSL 项。 - 脚本 suno_generate.py 不再读取或处理 VERIFY_SSL,全面使用默认安全策略。
v1.0.3
- Improved environment variable documentation for `VERIFY_SSL` and `CALLBACK_URL`, adding usage guidance and security recommendations. - Updated memory retention policies to specify auto-truncation for `history.json` and file rotation for `patterns.log`. - Added privacy notice regarding local memory files and simple cleanup instructions. - No core logic changes; documentation and configuration guidance improved for clarity and production safety.
v1.0.2
fix: remove verify=False examples, remove urllib3.disable_warnings, update callback docs to recommend env var over ngrok
v1.0.1
fix: remove hardcoded API keys, make SSL verify configurable via VERIFY_SSL env var, declare KIEAI_API_KEY in metadata
v1.0.0
Initial release
Metadata
Slug suno-claw
Version 1.0.6
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 6
Frequently Asked Questions

What is Suno Claw?

基于 Suno AI 的多轮迭代创作流程,生成符合 Suno 标准的高质量带歌词或纯音乐作品。 It is an AI Agent Skill for Claude Code / OpenClaw, with 138 downloads so far.

How do I install Suno Claw?

Run "/install suno-claw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Suno Claw free?

Yes, Suno Claw is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Suno Claw support?

Suno Claw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Suno Claw?

It is built and maintained by jasonzhang-zzx (@jasonzhang-zzx); the current version is v1.0.6.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments