Back to skill

Security audit

MetaMask Agent Wallet

Security checks across malware telemetry and agentic risk

Overview

The skill is transparently aimed at automating a separate MetaMask wallet, but it asks users to rely on missing setup code and unverified guardrails for irreversible crypto actions.

Review before installing. Use only a brand-new MetaMask wallet with very small funds, never your main wallet or seed phrase, and do not trust the advertised spend limits or approval flow until the full source, package scripts, lockfile, and permission enforcement are available and reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.