Does the Snap have access to my private keys?
No, the Snap does not have access to your private keys, nor can it take any actions on your behalf (it cannot sign the transaction and it cannot access assets held in your wallet)
How does the Snap work?
The Snap executes the following steps in sequence:
A) It performs a full simulation of the unsigned transaction, against a node that has the exact state of the blockchain you're about to interact with. This simulation contains all of the asset balance changes that would occur if the transaction executed.
B) It runs the simulated output through Noves's translation engine, which deeply understands the architecture and behavior of hundreds of millions of smart contracts, and can convert the raw data from the simulation into an English sentence describing what is about to happen.
It is step B) that truly sets the Noves Snap apart. It is the only solution in the market that can provide this level of "real world" meaning and context.
Will the Snap tell me if I'm about to interact with a malicious contract?
For malicious contracts that we have already identified, yes. But please keep in mind that there's no perfect solution for this yet, and detection of malicious activity is provided on a "best effort" basis.
In other words, just because you didn't get a warning that the contract is malicious, doesn't mean that it isn't. At the end of the day, you always want to evaluate whether the asset balance changes and the description of what's going to happen match what you'd consider normal (based on the context in which you're signing the transaction).