Snaplii AI Agent Cashback Payment

Security checks across malware telemetry and agentic risk

Overview

This financial skill is mostly disclosed, but it asks the agent to handle a reusable API key and includes bill-payment authority that is broader than the headline gift-card description.

Review carefully before installing. Use it only if you are comfortable letting an agent help with Snaplii-funded purchases and bill payments, and avoid pasting your Snaplii API key into chat; prefer entering it directly into a trusted CLI prompt yourself. Confirm merchant, biller, account, amount, province/state, and final cost before any payment command runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The skill metadata and top-level description frame the capability as gift-card-based A2M payments, but the body adds bill payment flows that are materially different financial operations. This scope expansion can mislead users, reviewers, and policy gates, causing the agent to perform higher-sensitivity actions than expected under incomplete consent or oversight.

Intent-Code Divergence

Medium
Confidence: 85%
Finding
The document says API keys are managed only in the Snaplii app, but also instructs the agent to handle re-authentication by taking the user's API key and feeding it into the CLI. That inconsistency encourages credential handling by the agent, increasing the chance of secret exposure in chat logs, telemetry, or tool traces.

Ssd 3

Medium
Confidence: 97%
Finding
The skill explicitly directs the agent to collect the user's API key and input it on the user's behalf during re-authentication. In a financial skill, this is dangerous because it normalizes credential harvesting and places a reusable secret into the agent interaction channel, where it may be logged, retained, or mishandled.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
