Back to skill
Skillv1.0.2
VirusTotal security
snaplii-ai-agent-cashback-payment · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 9:11 PM
- Hash
- 9ac1414d712eef9c94a9651c88ae59ef5f476289c34732ccddc81c7e312cc740
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: snaplii-ai-agent-cashback-payment Version: 1.0.2 The skill facilitates high-risk financial transactions and credential management via the `snaplii` CLI tool. It uses the Bash tool to execute commands and includes logic in `SKILL.md` to probe system directories (e.g., `~/.local/bin`, `~/Library/Python/3.x/bin`) to locate the binary. While the instructions include robust security guardrails—such as masking API keys and gift card PINs, requiring explicit user confirmation for purchases, and explicitly warning the agent about prompt injection from external gateway content—the inherent capability to handle real-money transactions and sensitive redemption codes qualifies it as suspicious under the provided criteria.
- External report
- View on VirusTotal