pp-suno
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of a CLI tool via `npx -y @mvanhorn/printing-press`. This package belongs to the verified author's namespace on NPM.
- [REMOTE_CODE_EXECUTION]: The installation step uses `npx`, which downloads and executes code from the NPM registry. This is the intended installation method for the vendor's tool.
- [COMMAND_EXECUTION]: The skill utilizes the `Read` and `Bash` tools to execute commands against the `suno-pp-cli` binary for generating music and managing account data.
- [CREDENTIALS_UNSAFE]: The skill uses an authentication method (`suno auth login --chrome`) that imports session cookies from the user's browser. While sensitive, this is a documented requirement for interfacing with the unofficial Suno API.
- [DATA_EXFILTRATION]: A `feedback` command is included that can send local logs to a remote endpoint. This functionality is disabled by default and requires the user to explicitly set the `SUNO_FEEDBACK_ENDPOINT` environment variable.
Audit Metadata