monet

Warn

Audited by Socket on Apr 3, 2026

2 alerts found:

Anomaly x2

Anomaly (LOW): SKILL.md

SUSPICIOUS: The skill's main behavior fits its stated purpose, and there is no clear credential harvesting or malicious exfiltration in the text. However, trust is weakened by the undocumented localhost server, mismatch with Monet's public hosted MCP setup, unclear publisher relationship, and unpinned remote code/dependency intake into the user's project.

Confidence: 82% | Severity: 56%

Anomaly (LOW): scripts/pull.py

This module is a security-sensitive code-injection/supply-chain helper: it fetches untrusted component source text from a (plain HTTP, no-auth) local registry and writes it verbatim into the project’s .tsx source tree with minimal content modification. It also allows potentially arbitrary file placement/overwrite through --output (especially when absolute). While there is no direct evidence of malware such as exfiltration or shell execution in this snippet, the design enables persistence of malicious application code if the local registry response or endpoint is compromised.

Confidence: 63% | Severity: 68%
Audit Metadata
Analyzed At
Apr 3, 2026, 08:06 AM
Package URL
pkg:socket/skills-sh/greatsumini%2Fmonet-nextjs-template%2Fmonet%2F@0374e65ad59a7de435988604620bddf52cf67825