Security audit
MetaMask Agent Wallet
Security checks across malware telemetry and agentic risk
Overview
The skill is transparently aimed at automating a separate MetaMask wallet, but it asks users to rely on missing setup code and unverified guardrails for irreversible crypto actions.
Review before installing. Use only a brand-new MetaMask wallet with very small funds, never your main wallet or seed phrase, and do not trust the advertised spend limits or approval flow until the full source, package scripts, lockfile, and permission enforcement are available and reviewed.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
