Skill v1.0.2
ClawScan security
snaplii-ai-agent-cashback-payment · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 28, 2026, 8:56 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions, required resources, and behavior are consistent with a CLI-based gift-card browsing and purchasing tool; nothing requested looks disproportionate to its stated purpose, but it depends on a local 'snaplii' CLI and on agent runtime features (hidden stdin), so verify those before use.
- Guidance: This skill appears coherent with its stated purpose, but review the following before installing/using it:
  - Confirm you (or your system admin) have installed the official 'snaplii' CLI from a trusted source — the skill will not install it for you. Verify the CLI package's origin and integrity.
  - Never paste your API key into chat; the SKILL.md expects the CLI to prompt for the key via hidden stdin. Verify your agent runtime/tooling supports hidden stdin prompts so the key isn't exposed in chat history or process listings.
  - Be aware the agent will run shell commands (which can access files and the network). If you run the agent in an environment where executing the 'snaplii' CLI is unsafe, do not enable this skill.
  - The CLI stores credentials at ~/.snaplii/config.json. If you want tighter control, inspect/rotate that file and the API key scope (PAY_WRITE) in the Snaplii dashboard.
  - If you have doubts about the snaplii CLI's provenance or the agent runtime's ability to safely handle secrets, prefer to perform purchases directly via the official Snaplii app/site rather than granting the agent this capability.
Review Dimensions
- Purpose & Capability (ok): The skill claims to browse, buy, and manage gift cards via the Snaplii platform, and its instructions exclusively use a 'snaplii' CLI (or MCP tools). It does not request unrelated credentials, binaries, or system-wide access. Requiring a local CLI and referencing its config file (~/.snaplii/config.json) is coherent with its purpose.
- Instruction Scope (note): The SKILL.md explicitly instructs the agent to execute the snaplii CLI (via MCP tools or Bash) and to manage authentication via 'snaplii init' (hidden stdin). This stays within the stated domain, but relies on the agent runtime supporting hidden stdin prompts and being allowed to execute shell commands. If the runtime cannot provide hidden stdin, the agent might fall back to asking the user to paste secrets into chat — which would be insecure. The skill also instructs not to print or expose internal IDs and to defer showing redemption codes until explicitly requested, which are good safety practices.
- Install Mechanism (ok): There is no install spec (instruction-only). The skill expects the environment to already have the 'snaplii' CLI available and provides guidance for locating it. No downloads or package installs are performed by the skill itself.
- Credentials (ok): The skill does not declare or require any environment variables or external credentials in the registry metadata. It instructs obtaining an API key for Snaplii and places credentials in ~/.snaplii/config.json — this is proportional and expected for a CLI-based service. It explicitly warns not to pass API keys on the command line.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request elevated persistence. It assumes the snaplii CLI will persist credentials in its own config file, which is normal. Autonomous invocation (model invocation enabled) is the platform default and not by itself a red flag.
