Back to skill

Security audit

MetaMask Smart Accounts KIt

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only MetaMask smart-account development skill; it includes high-impact wallet examples, but they are disclosed and aligned with the skill’s purpose.

Install this skill only if you want MetaMask smart-account and delegation development guidance. Treat copied code as capable of moving real assets: use testnets first, verify chain IDs, recipients, token addresses, amounts, expiries, caveats, bundler/paymaster URLs, and never expose real private keys in source code, prompts, logs, or client-side apps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The examples show how to request and redeem delegations or recurring token permissions, including ERC-20 transfers and periodic allowances, but they do not pair those flows with explicit safety checks such as verifying recipient addresses, limiting scope to the minimum necessary, displaying human-readable risk warnings, or confirming token/value details before authorization. In a Web3 skill focused on smart accounts and delegated spending, omission of these guardrails can lead downstream agents or developers to implement financially dangerous flows that over-authorize token movement or misdirect funds.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The example explicitly promotes 'daily automated redemption (backend/schedule)' for token operations after a one-time permission grant, but it does not clearly warn that approval enables ongoing asset movement without per-transaction confirmations until expiry or revocation. In a wallet-permissions context, omitting that warning can normalize dangerous integration patterns and lead developers to build flows that users may not fully understand, increasing the risk of unintended recurring transfers.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.