Skills
skills/metamask/agent-skills/metamask-agent-workflows/Gen Agent Trust Hub

metamask-agent-workflows

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill queries token market data, supply/borrow rates, and position information from the Aave V3 GraphQL API (api.v3.aave.com). This is a well-known DeFi protocol and necessary for the skill's purpose.
  • [EXTERNAL_DOWNLOADS]: Performs a version check against the npm registry to ensure the installed CLI is up to date.
  • [COMMAND_EXECUTION]: Orchestrates multi-step blockchain operations using the official MetaMask mm CLI tool.
  • [COMMAND_EXECUTION]: Utilizes a local Python utility script scripts/amount_to_hex.py for converting token amounts into hex format required for transaction calldata.
  • [SAFE_PRACTICE]: The skill explicitly instructs users to manage sensitive credentials like mnemonics and passwords via environment variables rather than command-line arguments, adhering to standard security best practices.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 07:48 AM
Security Audit — agent-trust-hub — metamask-agent-workflows