Optional Timelock for Private Key Reveals

Description:

Problem

With AI agents increasingly using MetaMask to interact with Web3 apps, they’re vulnerable to prompt injection attacks. If an AI agent gets compromised through prompt injection, it can instantly extract private keys from MetaMask with no opportunity for the human owner to intervene.

Proposed Solution

Add an optional timelock setting in Advanced preferences:

• User enables “Private Key Reveal Delay”
• Configurable delay options: 1 hour, 1 day, 1 week
• When user clicks “Export Private Key”, show countdown timer instead of immediate reveal
• Include cancel button during countdown
• After timeout, proceed with normal password confirmation

UI Flow

  1. Click “Export Private Key”
  2. If enabled: “Private key will be revealed in 23:45:12… [Cancel]”
  3. After timeout: Normal password prompt + key display

This would make MetaMask safer for AI agent interactions while maintaining human control over critical operations.

Purpose:

• AI Safety: Prevents prompt-injected AI agents from instant key theft
• Human Oversight: Gives owners time to notice and stop unauthorized access
• General Security: Additional protection against malware/phishing
• Backward Compatible: Opt-in feature, default OFF

Extension/Mobile/Both:
Both

Images/Attachments:

Hi and thank you for creating this feature request post! 😀 ☕

1 Like

The issue raised in this post highlights a serious security concern regarding AI agents interacting with MetaMask. Adding an optional “Private Key Reveal Delay” in Advanced settings is a practical and forward-thinking solution. A configurable countdown (1 hour, 1 day, 1 week) with a visible timer and cancel option would introduce an important safety buffer. This delay would help prevent instant private key extraction in case of prompt injection, while still allowing legitimate users to proceed after the timeout and password confirmation. Keeping the feature opt-in and backward compatible makes it flexible without disrupting existing users.

2 Likes
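
The flow proposed in this thread, sketched as a small state machine. This is an added example, not part of any post above and not MetaMask code; the class, method and parameter names are hypothetical, and `verifyPassword` and `readKey` stand in for the wallet's existing password check and export routine.

```javascript
// Added illustration of the proposed flow; not MetaMask code. All names are hypothetical.
const DELAY_MS = { "1 hour": 3600e3, "1 day": 86400e3, "1 week": 7 * 86400e3 };

class KeyRevealTimelock {
  // delay: one of the proposed options, or null when the opt-in feature is off.
  // verifyPassword: stand-in for the wallet's existing password confirmation.
  // now: injectable clock (ms) so the countdown can be exercised in tests.
  constructor({ delay = null, verifyPassword, now = Date.now }) {
    if (delay !== null && !(delay in DELAY_MS)) throw new Error("unknown delay option");
    this.delay = delay;
    this.verifyPassword = verifyPassword;
    this.now = now;
    this.pending = new Map(); // account -> absolute unlock time in ms
  }

  // Step 1: "Export Private Key" clicked. Starts the countdown once; repeated
  // clicks return the same deadline instead of restarting or shortening it.
  request(account) {
    if (this.delay === null) return { state: "ready", remainingMs: 0 };
    if (!this.pending.has(account)) {
      this.pending.set(account, this.now() + DELAY_MS[this.delay]);
    }
    return this.status(account);
  }

  // Step 2: what the countdown screen displays.
  status(account) {
    if (this.delay === null) return { state: "ready", remainingMs: 0 };
    if (!this.pending.has(account)) return { state: "idle", remainingMs: null };
    const remainingMs = Math.max(0, this.pending.get(account) - this.now());
    return { state: remainingMs > 0 ? "counting" : "ready", remainingMs };
  }

  // The [Cancel] button: drops the request, so a later export starts from zero.
  cancel(account) {
    return this.pending.delete(account);
  }

  // Step 3: after the timeout the normal password prompt still applies.
  // readKey is a stand-in for the wallet's real export routine.
  reveal(account, password, readKey) {
    if (this.status(account).state !== "ready") throw new Error("timelock not elapsed");
    if (!this.verifyPassword(password)) throw new Error("wrong password");
    this.pending.delete(account); // one reveal per completed countdown
    return readKey(account);
  }
}
```

The sketch leaves out changes to the delay setting itself; for the delay to hold against a compromised agent, disabling or shortening it would need to wait out the same period.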