ClawHub

MetaMask Smart Accounts KIt

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only MetaMask smart-account development skill; its delegated wallet automation examples are sensitive but disclosed and aligned with the purpose.

Install this only if you are building with MetaMask Smart Accounts. Use testnets first, never paste or commit real private keys, prefer wallet-managed signing or KMS/HSM-backed secrets for production, and keep delegations limited by amount, target, redeemer, call count, and expiry with clear user consent and revocation controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
These examples normalize backend-controlled redemption bots and session-key usage for asset-moving authority without clearly warning that such flows can autonomously move user funds within delegated limits and that session keys are highly sensitive secrets. In a Web3 smart-account context, this omission is dangerous because developers may copy the pattern into production with insecure key storage, overly broad delegations, or unattended automation that can be abused if the backend or environment is compromised.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The integration example explicitly demonstrates backend- or schedule-triggered automated token operations on a user's behalf over an extended period, but it does not prominently warn that this creates ongoing delegated spending authority after the initial approval. In a wallet/delegation context, omitting that warning can mislead developers into building flows where users do not fully understand that future fund movements may occur without additional prompts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal