Monet AI
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a normal Monet AI API reference skill, but it lets an agent use a Monet API key to send prompts or media to Monet and create generation tasks.
Before installing, verify the Monet service, keep MONET_API_KEY in a secure environment variable, avoid hardcoding or sharing it, and set clear limits for when the agent may create paid or resource-consuming generation tasks. Do not send sensitive prompts, images, lyrics, or business content unless you are comfortable with Monet’s privacy and retention practices.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed with a valid key, the agent may be able to create API tasks under the user’s Monet account.
The skill requires a Monet API key, which is expected for a Monet API integration but grants the agent delegated access to the user’s Monet account.
MONET_API_KEY # Required: API key from monet.vision
Use a dedicated, least-privileged API key if available, store it only in environment variables, rotate it if exposed, and monitor account usage or spending.
An agent using this skill could submit content-generation jobs to Monet when asked to generate media.
The skill documents direct API calls that create asynchronous generation tasks. This is central to the skill’s purpose, but task creation can consume provider resources or credits.
curl -X POST https://monet.vision/api/v1/tasks/async ... "type": "video" ... "model": "sora-2"
Set clear user approval, budget, and rate-limit expectations before allowing the agent to create generation tasks.
Prompts, image references, and generation requests may be transmitted to Monet’s service.
The API examples send prompts and optional image references to an external Monet endpoint. This is expected for content generation, but it is an external data boundary.
https://monet.vision/api/v1/tasks/async ... "prompt": "A cat running in the park" ... images?: string[]
Avoid sending confidential, private, or regulated content unless Monet’s privacy, retention, and usage terms meet your needs.
Users have less registry-level provenance information to confirm who maintains the skill.
The registry metadata does not provide a source repository or homepage. There is no code install here, so this is a provenance note rather than a concrete unsafe behavior.
Source: unknown; Homepage: none
Verify monet.vision and the API documentation independently before trusting the skill with an API key.