acestep
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a bash script (
scripts/acestep.sh) to manage API interactions. It executes standard system utilities includingcurlfor network requests,jqfor JSON parsing, andpython3orbase64for encoding/decoding audio data. - [EXTERNAL_DOWNLOADS]: The script downloads generated music files (MP3/WAV) and JSON task metadata from the configured API server. By default, it connects to a local instance (
127.0.0.1:8001) or the official vendor endpoint (api.acemusic.ai). - [DATA_EXFILTRATION]: As part of its core functionality, the skill transmits music style descriptions, lyrics, and local audio files to the specified API endpoint. This is the intended behavior for a music generation service.
- [CREDENTIALS_UNSAFE]: The skill stores an optional API key in
scripts/config.json. The implementation includes safety measures to mask the key during configuration listings (config --list) and provides explicit instructions to the AI agent to avoid exposing the key through other commands.
Audit Metadata