Aoment Image Video
AdvisoryAudited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked unintentionally, the skill could use the Aoment account's free or paid quota and send prompts to the provider.
The skill exposes active provider operations that can generate media and use account quota. This is aligned with the stated purpose, but users should understand these are not purely local/read-only actions.
Supports text-to-image, image-to-image, image recognition, video generation, and image HD repair service ... # 5. Check remaining quota uv run {baseDir}/scripts/aoment_quota.py -k <your-api-key>Ask the agent to confirm before quota-consuming generation or repair tasks, especially for large video or HD repair requests.
Anyone who obtains the API key may be able to use the associated Aoment quota or account access.
A provider API key is required and is sent as a bearer token to Aoment endpoints. This is expected for the service and no unrelated credential access or hardcoded secret is shown.
This skill requires an Agent API Key via: Authorization: Bearer <api_key> ... Save the returned `api_key`; it is used for all subsequent skill calls.
Store the API key securely, avoid exposing it in shared chats or logs, and rotate it if it is accidentally disclosed.
Selected local images, image URLs, base64 image data, and prompts may leave the local environment and be processed by Aoment.
For HD repair, a user-specified image is read and uploaded to the Aoment API with the API key. Similar provider uploads are used for image recognition and media generation.
filename, image_bytes, content_type = _read_image_source(args.image) ... requests.post(url, data=data, files=files, headers=_auth_headers(args.api_key), timeout=REQUEST_TIMEOUT)
Only use the skill with media and prompts you are comfortable sending to Aoment, and avoid private or regulated images unless Aoment's data handling terms are acceptable.
A future update package could change behavior, and the provider can observe version-check traffic during use.
The skill checks a remote version endpoint and directs users to a provider-hosted zip for updates. This is disclosed and manual rather than automatic code replacement, but users must trust the update source.
Download the latest package: https://www.aoment.com/downloads/aoment-image-video-skill.zip ... Before each invocation, the Python scripts read the `version` field above and query: GET https://www.aoment.com/api/skills/aoment-image-video/version
Install updates only from the expected Aoment source or registry entry, and review update contents before replacing the skill.