acestep

SUSPICIOUS: The core capability matches a music-generation skill, but the trust boundary is broader than it first appears. It forces use of an unseen shell wrapper, allows arbitrary remote API routing, stores API keys locally, uploads user audio/content to the configured service, and instructs the agent to rely on multiple additional skills. This is not clearly malicious, but it carries medium security risk and should only be used when the script and target endpoint are verified.