Snipara Mcp
Pass
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate Snipara MCP integration, but users should understand that it stores Snipara credentials and sends queries, documents, memories, and shared agent context to Snipara’s service.
Install this only if you are comfortable connecting your assistant to Snipara’s hosted service. Verify the package source, use scoped credentials, protect the local token file, and be deliberate about what documents, queries, memories, and shared agent state you allow the tool to process.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Questions, search terms, and any tool-provided content may be sent to Snipara for processing.
MCP tool calls and their parameters are relayed to Snipara’s hosted API. This is expected for a hosted documentation search service, but users should be aware that agent queries and tool inputs leave the local environment.
response = await client.post(f"{API_URL}/v1/{PROJECT_ID}/mcp", headers=get_headers(), json={"tool": tool, "params": params})
Use the tool for intended documentation/search workflows, and avoid sending secrets or private content unless you are comfortable with Snipara processing it.
Anyone who gains access to the local token file may be able to access the associated Snipara project until tokens are revoked or expired.
The skill stores OAuth access and refresh tokens under the user's home directory for later Snipara API access. This is purpose-aligned authentication behavior and the code also sets restrictive file permissions, but it is still credential persistence.
TOKEN_FILE = TOKEN_DIR / "tokens.json" ... "access_token": token_data["access_token"], "refresh_token": token_data.get("refresh_token")
Protect the local account, use scoped Snipara projects/keys, and run the provided logout or revoke tokens if the machine is shared or compromised.
A user could install a package version or source they did not intend if they do not verify the package identity.
The registry metadata does not provide a source or install spec, while the artifacts include package code and documentation that instruct users to install snipara-mcp via package managers. This is not malicious by itself, but it creates a provenance check users should perform.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Install from the documented Snipara/PyPI/GitHub source only, verify the package name and version, and avoid untrusted mirrors.
Information saved as memory may be reused in later sessions and could influence answers even when the user has forgotten it was stored.
The skill intentionally supports persistent memory across sessions. This is a disclosed feature, but stored memories can affect future agent behavior and may contain sensitive preferences, decisions, or project context.
Use `rlm_remember` to store important info for future sessions
Only store information that should persist, review or delete memories periodically, and avoid saving secrets or sensitive personal data.
Shared agent state or broadcasts could expose project context to other configured agents or make one agent’s mistaken state affect others.
The README discloses enterprise features for shared state and broadcasting between agents. This is presented as part of Snipara’s agent infrastructure, but inter-agent shared state can spread incorrect or sensitive context if not governed.
Multi-Agent Swarms - Coordinate multiple AI agents with: Shared state management ... Event broadcasting
Enable swarm features only in trusted projects, define clear team boundaries, and review what state or messages are shared between agents.
