Optional Timelock for Private Key Reveals

Description:

Problem

With AI agents increasingly using MetaMask to interact with Web3 apps, they’re vulnerable to prompt injection attacks. If an AI agent gets compromised through prompt injection, it can instantly extract private keys from MetaMask with no opportunity for the human owner to intervene.

Proposed Solution

Add an optional timelock setting in Advanced preferences:

• User enables “Private Key Reveal Delay”
• Configurable delay options: 1 hour, 1 day, 1 week
• When user clicks “Export Private Key”, show countdown timer instead of immediate reveal
• Include cancel button during countdown
• After timeout, proceed with normal password confirmation

UI Flow

  1. Click “Export Private Key”
  2. If enabled: “Private key will be revealed in 23:45:12… [Cancel]”
  3. After timeout: Normal password prompt + key display

This would make MetaMask safer for AI agent interactions while maintaining human control over critical operations.

Purpose:

• AI Safety: Prevents prompt-injected AI agents from instant key theft
• Human Oversight: Gives owners time to notice and stop unauthorized access
• General Security: Additional protection against malware/phishing
• Backward Compatible: Opt-in feature, default OFF

Extension/Mobile/Both:
Both

Images/Attachments:
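
The reveal-delay flow proposed in the post above, sketched as a small state machine. This is an added example, not part of the original post and not MetaMask code: `RevealTimelock`, `store`, `verifyPassword` and `exportKey` are hypothetical names. It also assumes one rule the post does not state, that shortening or disabling the delay takes effect only after the current delay has passed, so the setting itself cannot be used to skip the countdown.

```javascript
// Added example with hypothetical names; this is not MetaMask code.
const DELAYS_MS = new Map([['off', 0], ['1h', 3600e3], ['1d', 86400e3], ['1w', 604800e3]]);

class RevealTimelock {
  // store: persistent plain object (assumed), so restarting the wallet
  // cannot reset or skip the countdown. now: injectable clock.
  constructor(store, now = Date.now) {
    this.s = Object.assign(store, { delayMs: 0, change: null, readyAt: null, ...store });
    this.now = now;
  }

  delayMs() {
    const c = this.s.change; // apply a setting change once it has matured
    if (c && this.now() >= c.effectiveAt) { this.s.delayMs = c.delayMs; this.s.change = null; }
    return this.s.delayMs;
  }

  setDelay(option) {
    if (!DELAYS_MS.has(option)) throw new Error('unknown delay option');
    const next = DELAYS_MS.get(option), cur = this.delayMs();
    // Lengthening applies at once; shortening or disabling waits out the
    // current delay (assumption, see lead-in).
    if (next >= cur) { this.s.delayMs = next; this.s.change = null; }
    else this.s.change = { delayMs: next, effectiveAt: this.now() + cur };
  }

  request() { // user clicks "Export Private Key"
    if (this.s.readyAt === null) this.s.readyAt = this.now() + this.delayMs();
    return this.status();
  }

  status() {
    if (this.s.readyAt === null) return { state: 'idle' };
    const remainingMs = this.s.readyAt - this.now();
    return remainingMs > 0 ? { state: 'counting', remainingMs } : { state: 'ready' };
  }

  cancel() { this.s.readyAt = null; } // [Cancel] during the countdown

  // After the timeout: normal password check, then the key is released once.
  reveal(password, verifyPassword, exportKey) {
    if (this.status().state !== 'ready') throw new Error('timelock not elapsed');
    if (!verifyPassword(password)) throw new Error('wrong password');
    this.s.readyAt = null;
    return exportKey();
  }
}
```

The unlock time is fixed when the request is made and kept in the persisted store, so neither a restart nor a later settings change moves it earlier.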

Hi and thank you for creating this feature request post!