MetaMask Smart Accounts Kit

Security checks across malware telemetry and agentic risk

Overview

This is a coherent instruction-only MetaMask development reference, but it covers wallet permissions and on-chain transactions that can move assets if users approve them.

Install this skill only if you want help building MetaMask smart-account features. Before using generated code, verify dependencies, use testnets, check every chain ID, contract, recipient, amount, expiry, and delegate address, and never paste real private keys into examples.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If generated code uses the wrong chain, contract, recipient, amount, or calldata, a user could approve an irreversible transaction.

Why it was flagged

The skill includes examples for submitting user operations and blockchain transactions. This is expected for MetaMask smart-account development, but these actions can change on-chain state or transfer assets.

Skill content
const userOpHash = await bundlerClient.sendUserOperation({ ... }) ... const txHash = await delegateWalletClient.sendTransaction({ ... })
Recommendation

Use testnets first, verify addresses and amounts, preserve wallet confirmation steps, and require explicit user review before signing or sending transactions.

ASI03: Identity and Privilege Abuse
Medium
What this means

A delegated or session account may be able to execute permitted transactions for the user until the permission expires.

Why it was flagged

The advanced-permissions workflow intentionally grants delegated authority to a session account. This is disclosed and purpose-aligned, but it is sensitive account authority.

Skill content
Session account receives permission to execute on user's behalf
Recommendation

Keep expiries short, set strict token and amount limits, verify the delegate/session address, use caveats where available, and avoid putting real private keys into example code or shared chats.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing external packages can introduce dependency risk if the package name, registry, or repository is not the intended one.

Why it was flagged

The skill instructs users to install external development dependencies. The versions are pinned and relevant to the stated purpose, but package provenance still matters.

Skill content
npm install @metamask/smart-accounts-kit@0.3.0 ... forge install metamask/delegation-framework@v1.3.0
Recommendation

Verify package names, versions, and repository sources against official MetaMask documentation before installing.