Control a sandboxed MetaMask browser extension wallet for autonomous blockchain transactions. Features configurable permission guardrails including spend limits, chain allowlists, protocol restrictions, and approval thresholds. MetaMask-only (other wallets not supported).
Controls a sandboxed MetaMask wallet for autonomous blockchain transactions with configurable permission guardrails.
This skill allows AI agents to interact with dapps and execute transactions through a dedicated MetaMask wallet. All operations are subject to user-defined constraints (spend limits, protocol allowlists, approval thresholds).
Security Model: The agent controls a separate wallet in an isolated browser profile. Never use your main wallet.
cd metamask-agent-skill
npm install
npx playwright install chromium
npm run setup
This will:
~/.agent-wallet/chrome-profileTransfer a small amount to your agent wallet:
Edit permissions.json to set your constraints:
{
"constraints": {
"spendLimit": {
"daily": "50000000", // $50 in 6-decimal format
"perTx": "10000000" // $10 max per transaction
},
"allowedChains": [1, 137, 42161],
"allowedProtocols": ["0x...uniswap", "0x...1inch"]
}
}
connect <dapp-url>
Navigates to dapp and connects the agent wallet.
Example: connect https://app.uniswap.org
swap <amount> <token-in> for <token-out> [on <dex>]
Executes a token swap on an allowed DEX.
Example: swap 0.01 ETH for USDC on uniswap
send <amount> <token> to <address>
Sends tokens to an address (within spend limits).
Example: send 10 USDC to 0x1234...
sign <message>
Signs an arbitrary message. Use with caution.
balance [token]
Returns wallet balances.
history [count]
Shows recent agent transactions with outcomes.
All operations check against permissions.json before execution:
| Constraint | Description |
|---|---|
spendLimit.daily | Max USD value per 24h period |
spendLimit.perTx | Max USD value per transaction |
allowedChains | Whitelisted chain IDs |
allowedProtocols | Whitelisted contract addresses |
blockedMethods | Forbidden function selectors |
requireApproval.above | Threshold requiring user confirmation |
When a transaction exceeds requireApproval.above:
"revoked": true in permissions.json to disable all actionsAll transactions are logged to ~/.agent-wallet/logs/:
{
"timestamp": 1706900000000,
"action": "swap",
"intent": { "to": "0x...", "value": "0", "data": "0x..." },
"guardResult": { "allowed": true },
"outcome": "confirmed",
"txHash": "0x..."
}
Use history command to view recent transactions.
Add the contract address to allowedProtocols in permissions.json.
Wait 24h or increase spendLimit.daily.
Ensure the browser profile path is correct and MetaMask is installed.
The dapp may be trying to call a blocked method or unsupported chain.
src/
├── index.ts # Main entry point
├── browser.ts # Playwright browser management
├── wallet.ts # MetaMask interaction primitives
├── guard.ts # Permission enforcement
├── logger.ts # Transaction logging
├── price.ts # USD price estimation
├── types.ts # TypeScript types
└── config.ts # Configuration loading
When Gator accounts are available, permissions.json can be replaced with on-chain permission attestations. The guard will validate against Gator's permission registry instead of local config.