Snaplii AI Agent Cashback Payment

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly transparent about payments, but it exposes an arbitrary gateway-switching command inside a financial workflow.

Install only if you trust the Snaplii CLI and publisher, and avoid using gateway/base-url switching unless you are deliberately connecting to a trusted Snaplii environment. Before any purchase or bill payment, verify the amount, biller or brand, region, and that payment is coming only from your Snaplii Cash balance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: Exposing `snaplii config set --base-url URL` gives the agent a way to redirect a financial CLI to an arbitrary backend, which could enable credential capture, token exfiltration, fraudulent transactions, or deceptive responses if misused. This is especially sensitive in a payments skill because the same session handles API keys, balances, purchases, and bill payments.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal