I guess if you use this, then the security of your key is only as strong as for how many minutes the bruteforce took (since anyone else could also run the tool and generate their own key matching the desired fingerprint in the same amount of minutes you needed - or less).
That's not how randomness works. The expected duration of the attack is only determined by how close they want to get to your artwork.
For example, if you pick the first key you generate, it obviously doesn't mean the attacker can get the same art in one try.
I don't think the idea is to use the visual representation of the SSH key as a security mechanism but rather to have an SSH key that looks cool when you visualize it.
Isn't the whole point of VisualHostKey in ssh to act as a security mechanism, i.e. "yes this looks like the correct server key" on first use on a new client that doesn't already have the key in known_hosts?
The number of minutes being greater than the heat death of the universe
Is the runtime of this application "a number of minutes greater than the heat death of the universe" to find something that could pass off as matching the target visualhostkey?