MetaMask Agent Wallet
Security checks across malware telemetry and agentic risk
Overview
This skill is clearly about automating a separate MetaMask wallet, but it asks users to run missing npm setup code and rely on unverified guardrails for irreversible crypto actions.
Review before installing. Use only a brand-new MetaMask wallet with very small funds, never your main wallet or seed phrase, and do not run the npm setup or trust the advertised spend limits until the full source, package scripts, lockfile, and permission enforcement are available and reviewed.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.