pp-suno

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of a CLI tool via npx -y @mvanhorn/printing-press. This package belongs to the verified author's namespace on NPM.
  • [REMOTE_CODE_EXECUTION]: The installation step uses npx, which downloads and executes code from the NPM registry. This is the intended installation method for the vendor's tool.
  • [COMMAND_EXECUTION]: The skill utilizes the Read and Bash tools to execute commands against the suno-pp-cli binary for generating music and managing account data.
  • [CREDENTIALS_UNSAFE]: The skill uses an authentication method (suno auth login --chrome) that imports session cookies from the user's browser. While sensitive, this is a documented requirement for interfacing with the unofficial Suno API.
  • [DATA_EXFILTRATION]: A feedback command is included that can send local logs to a remote endpoint. This functionality is disabled by default and requires the user to explicitly set the SUNO_FEEDBACK_ENDPOINT environment variable.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 19, 2026, 02:44 AM