Snaplii AI Agent Cashback Payment MCP

Review

Audited by ClawScan on May 14, 2026.

Overview

This is a disclosed Snaplii payment MCP skill, but it can spend prepaid Snaplii balance and manage payment credentials, so users should install and authorize it carefully.

Before installing, make sure you trust Snaplii and the snaplii-cli package. Use the least-privileged API key possible, set a low spending limit, verify every purchase amount and brand before confirming, and only reveal gift card codes or PINs when you actually need them.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user confirms the wrong brand, amount, or region, the agent could place an unwanted gift card order.

Why it was flagged

The skill exposes a tool that can spend prepaid Snaplii balance. The artifact does require explicit confirmation, making this purpose-aligned but still high-impact.

Skill content

`snaplii_purchase` ... Purchase a gift card ... **Requires explicit user confirmation before every call.**

Recommendation

Only confirm purchases after checking the brand, face value, exact dollar amount, and region in the current conversation turn.

What this means

A PAY_WRITE key can authorize purchases from the user’s prepaid Snaplii Cash balance within its limit.

Why it was flagged

The skill relies on a user-created Snaplii API key that may grant read or write payment authority, bounded by the user-selected scope and spending limit.

Skill content

Create an API Key ... Set a name, scope (`PAY_READ` or `PAY_WRITE`), and spending limit.

Recommendation

Use PAY_READ unless purchases are needed; for PAY_WRITE, set a low spending limit and revoke the key when no longer needed.

What this means

Gift card codes and PINs can be used to redeem value, so exposing them unnecessarily could put funds at risk.

Why it was flagged

The skill can retrieve sensitive payment-instrument details. The README limits this to explicit user requests, which is appropriate but important.

Skill content

`snaplii_giftcard_detail` ... Get full card details including redemption code and PIN. **Only use when user explicitly asks** — sensitive data.

Recommendation

Ask for full gift card details only when needed, and avoid sharing redemption codes or PINs in untrusted chats or logs.

What this means

The safety of the installed payment tools depends on the external package and its installed version.

Why it was flagged

The actual MCP server is installed from external Python packages rather than included in the reviewed bundle, so this review cannot verify the runtime code.

Skill content

pip install snaplii-cli "mcp[cli]"

Recommendation

Install only from the official Snaplii package/source, consider pinning a known version, and review the package before using a payment-enabled API key.