MetaMask Agent Wallet

Advisory. Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may be asked to run code that is not available for review before giving it control over a funded browser wallet.

Why it was flagged

The skill tells users to install and run an npm setup workflow, but the provided artifact set contains only SKILL.md with no install spec or code files. For a wallet controller, unreviewed setup code is a material provenance gap.

Skill content

cd metamask-agent-skill
npm install
npx playwright install chromium
...
npm run setup

Recommendation

Do not run the setup unless the complete source, package files, lockfile, and installer behavior are provided and reviewed from a trusted source.

What this means

If misconfigured or implemented incorrectly, the agent could move funds or sign messages the user did not fully intend.

Why it was flagged

The skill exposes irreversible financial actions and arbitrary wallet signatures. The artifacts describe guardrails, but do not provide the implementation or a clear approval policy for all signing cases.

Skill content

Executes a token swap on an allowed DEX.
...
Sends tokens to an address (within spend limits).
...
Signs an arbitrary message. Use with caution.

Recommendation

Require explicit user confirmation for every transaction and every signature, disable arbitrary signing by default, and keep only minimal funds in the agent wallet.

What this means

Anyone or anything that can access that browser profile may be able to use the agent wallet.

Why it was flagged

The skill creates a persistent MetaMask profile that will hold wallet authority. This is purpose-aligned and the skill advises using a new wallet, but it is still a sensitive privilege.

Skill content

Create a fresh Chrome profile at `~/.agent-wallet/chrome-profile`
- Install MetaMask extension
- Guide you through wallet creation (use a NEW seed phrase)

Recommendation

Use only a new, low-value wallet; never import a primary seed phrase; and protect or remove the profile when not needed.

What this means

Local logs may reveal wallet activity, counterparties, and transaction intent to anyone with access to the machine.

Why it was flagged

The skill persists transaction intents, outcomes, addresses, and hashes locally. This is useful for auditability, but it creates a durable history of wallet activity.

Skill content

All transactions are logged to `~/.agent-wallet/logs/`

Recommendation

Review log retention, protect the directory, and delete logs when they are no longer needed.