← 返回 Skills 市场
324
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install suno-ai
功能描述
Generate music via Suno with the local browser-backed flow. Use when the user wants Suno songs, instrumental tracks, lyric-based songs, Suno credit checks, o...
安全使用建议
This skill implements a local browser-backed Suno automation that will access and persist your Suno session cookies/JWTs and can read your Chromium cookie DB (it even contains code to decrypt encrypted cookie values). It also can use an OpenRouter API key (from env or ~/.openclaw/.env) to perform hCaptcha solving via an external model — but the skill metadata does not declare this required credential. Before installing: (1) review the code yourself (or have a trusted developer do so), especially browser_session.py and openrouter_provider.py; (2) be comfortable that the skill will read browser cookies and write tokens/logs to ~/.suno; (3) if you do not want your local browser cookies read, do not run this skill or run it in an isolated VM/container; (4) if you provide an OpenRouter key, recognize it may be used to solve captchas and will incur remote model usage; (5) consider setting SUNO_PYTHON_BIN to a dedicated virtualenv and inspect ~/.openclaw/.env for secrets before running. The behavior is consistent with its stated purpose but contains sensitive operations and undeclared credential usage — exercise caution.
功能分析
Type: OpenClaw Skill
Name: suno-ai
Version: 1.0.0
The skill performs high-risk operations including reading and decrypting the local Chromium cookie database (~/snap/chromium/common/chromium/Default/Cookies) and running a local HTTP server (127.0.0.1:8765) to receive authentication tokens. While these capabilities are documented in SKILL.md as part of a 'browser-backed flow' for Suno AI session recovery and hCaptcha solving, they represent a significant attack surface. The code in browser_session.py specifically implements Chromium cookie decryption using hardcoded fallback credentials (peanuts/saltysalt), and openrouter_provider.py patches external libraries to solve captchas via vision models. No clear evidence of intentional data exfiltration beyond the stated purpose was found, but the level of access to sensitive browser data warrants a suspicious classification.
能力评估
Purpose & Capability
The skill's name/description (Suno music generation, session recovery, credit checks) align with the included code: browser automation, cookie import/validation, and generation flows. However the code also reads a live Chromium Cookies DB, decrypts cookies, and can import cookies from a local HTTP receiver — capabilities that go beyond simple 'call Suno API' behavior. The skill does not declare any required environment variables but clearly expects an OpenRouter API key (OPENROUTER_API_KEY / OPENCLAW_OPENROUTER_API_KEY) and may read ~/.openclaw/.env; that mismatch is noteworthy.
Instruction Scope
SKILL.md directs running local scripts and references paths under ~/.suno (venv, chrome profile, cookie files). The implementation will: read/save normalized cookie headers, import raw cookie JSON, copy and read the Chromium cookie SQLite DB (snap/chromium path), decrypt encrypted cookies, launch a persistent Playwright browser profile, run a local HTTP server to receive cookies, and call Suno endpoints. Those actions involve accessing sensitive local browser artifacts and persisting JWTs/cookies to ~/.suno. The SKILL.md mentions a local cookie receiver and exporting cookies but does not mention the Chromium DB export/decrypt capability or the optional external model service used for hCaptcha solving.
Install Mechanism
No install spec — instruction-only plus bundled Python scripts. Nothing in the manifest downloads remote archives during install. The runtime will rely on a Python virtualenv (~/.suno/venv) and Playwright; the code itself will be written to disk as part of the skill bundle, which is expected for a skill with code files.
Credentials
No required env vars are declared, but the code reads environment variables and files: it looks for OPENROUTER_API_KEY or OPENCLAW_OPENROUTER_API_KEY (and also checks ~/.openclaw/.env), and the helper scripts honor SUNO_PYTHON_BIN. The OpenRouter key is used to patch an hCaptcha challenger to solve image tiles via an external model provider — this is a privileged credential that the metadata does not declare. The skill also writes sensitive artifacts (normalized cookie header, raw cookies, JWT-derived tokens, debug logs) under ~/.suno.
Persistence & Privilege
always is false and the skill does not request forced global inclusion. It persists session artifacts and a browser profile under ~/.suno, which is consistent with its purpose. The skill does not appear to modify other skills or system-wide agent settings in the files shown.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install suno-ai - 安装完成后,直接呼叫该 Skill 的名称或使用
/suno-ai触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial publish
元数据
常见问题
Suno AI 是什么?
Generate music via Suno with the local browser-backed flow. Use when the user wants Suno songs, instrumental tracks, lyric-based songs, Suno credit checks, o... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 324 次。
如何安装 Suno AI?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install suno-ai」即可一键安装,无需额外配置。
Suno AI 是免费的吗?
是的,Suno AI 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Suno AI 支持哪些平台?
Suno AI 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Suno AI?
由 mySebbe(@mysebbe)开发并维护,当前版本 v1.0.0。
推荐 Skills