feat: Perform dappscanning when any EIP-7715 related request is received

[jeffsmale90]

Description

EIP-7715 specifies some new RPC methods that are available without a wallet connection:

• wallet_requestExecutionPermissions
• wallet_getGrantedExecutionPermissions
• wallet_getSupportedExecutionPermissions

Because wallet_requestExecutionPermissions allows a dapp to request permissions from the wallet, it's important that we trigger dapp-scanning of the dapp's domain as early as possible, to ensure the greatest likelihood that a response is available to warn the user.

This PR adds the three RPC methods listed above to the methods that will trigger dapp scanning when called.

Changelog

CHANGELOG entry: Trigger malicious website scanning when any EIP-7715 RPC method is executed

Testing

• Navigate to a dapp
• Open dev tools in the wallet
• Trigger one of the methods above

Expect a request to https://dapp-scanning.api.cx.metamask.io/scan?url= (or otherwise configured dapp-scanning URL

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Adds new RPC methods to the trust-signals scan trigger path, which can increase phishing scan calls and affect UX/performance for dapps using EIP-7715. Behavior change is localized and covered by targeted tests.

Overview
Adds the EIP-7715 execution-permissions RPC methods (e.g. wallet_requestExecutionPermissions) to the set of requests that trigger dapp origin scanning via phishingController.scanUrl, even when no connection is established.

Introduces MESSAGE_TYPE constants and a new isEip7715AdvancedPermissionsRequest helper, and extends trust-signals-middleware tests to assert scanning occurs only when an origin is present for each new method.

^{Written by Cursor Bugbot for commit 7ac3033. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[metamaskbotv2]

Builds ready [3a25058]

• builds: chrome, firefox
• builds (beta): chrome, firefox
• builds (flask): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• bundle size: Bundle Size Stats
• interaction-benchmark: Interaction Stats
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
  • ui: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
  • content-script: 0
  • offscreen: 0

⚡ Performance Benchmarks

👆 Interaction Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Load New Account	load_new_account	310	275	350	33	335	350
	total	310	275	350	33	335	350
Confirm Tx	confirm_tx	5988	5974	6003	10	5989	6003
	total	5988	5974	6003	10	5989	6003
Bridge User Actions	bridge_load_page	229	193	258	27	251	258
	bridge_load_asset_picker	157	109	236	48	183	236
	bridge_search_token	692	691	694	1	692	694
	total	1068	1051	1088	15	1076	1088

🔌 Startup Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Standard Home	uiStartup	1430	1181	1845	121	1456	1692
	load	1201	983	1481	100	1233	1415
	domContentLoaded	1193	978	1439	96	1230	1383
	domInteractive	28	16	96	18	25	79
	firstPaint	169	69	1197	131	215	339
	backgroundConnect	215	195	426	27	218	250
	firstReactRender	19	14	35	4	21	29
	initialActions	1	0	6	1	2	4
	loadScripts	996	795	1230	91	1025	1177
	setupStore	13	7	27	4	15	20
	numNetworkReqs	31	22	91	19	22	81
Power User Home	uiStartup	1721	1363	2721	191	1764	2068
	load	1145	1015	1844	156	1125	1559
	domContentLoaded	1130	1010	1838	155	1115	1550
	domInteractive	36	18	159	24	37	89
	firstPaint	161	74	453	80	207	313
	backgroundConnect	291	255	429	28	295	339
	firstReactRender	24	15	71	9	26	40
	initialActions	1	0	9	2	1	4
	loadScripts	921	815	1555	145	909	1305
	setupStore	16	7	62	7	17	26
	numNetworkReqs	59	39	173	28	56	140

🧭 User Journey Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Onboarding Import Wallet	importWalletToSocialScreen	219	217	222	2	221	222
	srpButtonToSrpForm	93	91	95	2	94	95
	confirmSrpToPwForm	22	22	22	0	22	22
	pwFormToMetricsScreen	15	15	16	0	15	16
	metricsToWalletReadyScreen	16	16	17	0	16	17
	doneButtonToHomeScreen	619	588	655	29	654	655
	openAccountMenuToAccountListLoaded	2922	2902	2939	14	2929	2939
	total	3900	3870	3924	21	3915	3924
Onboarding New Wallet	createWalletToSocialScreen	220	219	222	1	221	222
	srpButtonToPwForm	109	107	112	2	109	112
	createPwToRecoveryScreen	8	8	9	0	9	9
	skipBackupToMetricsScreen	36	34	38	1	36	38
	agreeButtonToOnboardingSuccess	17	17	17	0	17	17
	doneButtonToAssetList	489	482	502	8	495	502
	total	881	870	890	8	889	890
Asset Details	assetClickToPriceChart	47	39	52	5	52	52
	total	47	39	52	5	52	52
Solana Asset Details	assetClickToPriceChart	75	72	77	2	76	77
	total	75	72	77	2	76	77
Import Srp Home	loginToHomeScreen	2272	2188	2380	74	2299	2380
	openAccountMenuAfterLogin	49	32	65	13	60	65
	homeAfterImportWithNewWallet	2615	2378	2988	248	2835	2988
	total	4831	4248	5275	391	5261	5275
Send Transactions	openSendPageFromHome	22	18	28	4	27	28
	selectTokenToSendFormLoaded	19	16	21	2	20	21
	reviewTransactionToConfirmationPage	849	843	854	5	853	854
	total	892	888	894	3	894	894
Swap	openSwapPageFromHome	119	116	121	3	121	121
	fetchAndDisplaySwapQuotes	2889	2888	2890	1	2890	2890
	total	3015	3006	3024	8	3024	3024

🌐 Dapp Page Load Benchmarks

Current Commit: 3a25058 | Date: 3/4/2026

📄 Localhost MetaMask Test Dapp

Samples: 100

Summary

• pageLoadTime-> current mean value: 1.06s (±44ms) 🟡 | historical mean value: 1.06s ⬇️ (historical data)
• domContentLoaded-> current mean value: 741ms (±36ms) 🟢 | historical mean value: 747ms ⬇️ (historical data)
• firstContentfulPaint-> current mean value: 82ms (±13ms) 🟢 | historical mean value: 83ms ⬇️ (historical data)

📈 Detailed Results

Metric	Mean	Std Dev	Min	Max	P95	P99
pageLoadTime	1.06s	44ms	1.02s	1.34s	1.08s	1.34s
domContentLoaded	741ms	36ms	716ms	1.01s	761ms	1.01s
firstPaint	82ms	13ms	68ms	204ms	88ms	204ms
firstContentfulPaint	82ms	13ms	68ms	204ms	88ms	204ms
largestContentfulPaint	0ms	0ms	0ms	0ms	0ms	0ms

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 3.18 KiB (0.06%)
• ui: 16.08 KiB (0.19%)
• common: -5.58 KiB (-0.05%)

[metamaskbotv2]

Builds ready [7dcb26c]

• builds: chrome, firefox
• builds (beta): chrome, firefox
• builds (flask): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• bundle size: Bundle Size Stats
• interaction-benchmark: Interaction Stats
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
  • ui: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
  • content-script: 0
  • offscreen: 0

⚡ Performance Benchmarks

👆 Interaction Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Load New Account	load_new_account	307	272	332	24	326	332
	total	307	272	332	24	326	332
Confirm Tx	confirm_tx	6068	6065	6072	3	6072	6072
	total	6068	6065	6072	3	6072	6072
Bridge User Actions	bridge_load_page	236	182	304	43	259	304
	bridge_load_asset_picker	218	170	253	31	238	253
	bridge_search_token	757	698	885	71	784	885
	total	1156	1097	1226	57	1199	1226

🔌 Startup Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Standard Home	uiStartup	1412	1157	1770	114	1464	1646
	load	1180	976	1456	101	1222	1375
	domContentLoaded	1172	947	1436	99	1216	1363
	domInteractive	28	17	110	19	24	79
	firstPaint	188	67	1299	133	220	333
	backgroundConnect	212	188	278	17	216	251
	firstReactRender	19	11	37	5	20	28
	initialActions	1	0	5	1	2	4
	loadScripts	979	767	1244	99	1023	1171
	setupStore	13	7	42	5	14	21
	numNetworkReqs	31	22	100	21	22	88
Power User Home	uiStartup	1712	1410	2255	151	1778	2031
	load	1150	1036	1662	141	1140	1512
	domContentLoaded	1134	1029	1651	139	1128	1499
	domInteractive	34	19	130	20	34	88
	firstPaint	156	73	376	71	198	284
	backgroundConnect	297	257	441	33	308	363
	firstReactRender	23	14	45	6	25	37
	initialActions	1	0	9	1	1	3
	loadScripts	921	806	1418	135	907	1292
	setupStore	15	6	45	6	18	28
	numNetworkReqs	57	37	161	25	54	116

🧭 User Journey Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Onboarding Import Wallet	importWalletToSocialScreen	219	218	219	0	219	219
	srpButtonToSrpForm	96	94	98	2	96	98
	confirmSrpToPwForm	22	21	22	0	22	22
	pwFormToMetricsScreen	15	15	16	0	16	16
	metricsToWalletReadyScreen	16	16	17	0	16	17
	doneButtonToHomeScreen	621	586	673	31	638	673
	openAccountMenuToAccountListLoaded	2922	2910	2938	11	2929	2938
	total	3913	3890	3953	24	3928	3953
Onboarding New Wallet	createWalletToSocialScreen	219	218	219	0	219	219
	srpButtonToPwForm	107	105	108	1	108	108
	createPwToRecoveryScreen	8	8	9	0	9	9
	skipBackupToMetricsScreen	36	34	39	2	37	39
	agreeButtonToOnboardingSuccess	16	16	16	0	16	16
	doneButtonToAssetList	587	473	747	131	746	747
	total	974	858	1137	133	1137	1137
Asset Details	assetClickToPriceChart	53	33	78	19	76	78
	total	53	33	78	19	76	78
Solana Asset Details	assetClickToPriceChart	75	75	76	0	76	76
	total	75	75	76	0	76	76
Import Srp Home	loginToHomeScreen	2031	1911	2227	113	2079	2227
	openAccountMenuAfterLogin	45	35	55	7	48	55
	homeAfterImportWithNewWallet	2698	2602	2919	121	2735	2919
	total	4774	4561	4957	142	4906	4957
Send Transactions	openSendPageFromHome	24	17	31	5	27	31
	selectTokenToSendFormLoaded	19	17	21	1	19	21
	reviewTransactionToConfirmationPage	848	848	849	0	849	849
	total	891	883	899	6	894	899
Swap	openSwapPageFromHome	117	109	133	10	116	133
	fetchAndDisplaySwapQuotes	2899	2896	2902	2	2899	2902
	total	3013	3000	3030	12	3018	3030

🌐 Dapp Page Load Benchmarks

Current Commit: 7dcb26c | Date: 3/4/2026

📄 Localhost MetaMask Test Dapp

Samples: 100

Summary

• pageLoadTime-> current mean value: 1.04s (±43ms) 🟡 | historical mean value: 1.06s ⬇️ (historical data)
• domContentLoaded-> current mean value: 732ms (±39ms) 🟢 | historical mean value: 748ms ⬇️ (historical data)
• firstContentfulPaint-> current mean value: 82ms (±14ms) 🟢 | historical mean value: 83ms ⬇️ (historical data)

📈 Detailed Results

Metric	Mean	Std Dev	Min	Max	P95	P99
pageLoadTime	1.04s	43ms	1.01s	1.36s	1.08s	1.36s
domContentLoaded	732ms	39ms	701ms	1.03s	767ms	1.03s
firstPaint	82ms	14ms	60ms	212ms	88ms	212ms
firstContentfulPaint	82ms	14ms	60ms	212ms	88ms	212ms
largestContentfulPaint	0ms	0ms	0ms	0ms	0ms	0ms

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 3.18 KiB (0.06%)
• ui: 16.08 KiB (0.19%)
• common: -5.58 KiB (-0.05%)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[metamaskbotv2]

Builds ready [7ac3033]

• builds: chrome, firefox
• builds (beta): chrome, firefox
• builds (flask): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• bundle size: Bundle Size Stats
• interaction-benchmark: Interaction Stats
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
  • ui: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
  • content-script: 0
  • offscreen: 0

⚡ Performance Benchmarks

👆 Interaction Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Load New Account	load_new_account	270	267	274	3	272	274
	total	270	267	274	3	272	274
Confirm Tx	confirm_tx	6070	6055	6092	13	6068	6092
	total	6070	6055	6092	13	6068	6092
Bridge User Actions	bridge_load_page	236	224	250	9	235	250
	bridge_load_asset_picker	151	142	172	12	144	172
	bridge_search_token	704	702	706	2	705	706
	total	1090	1081	1102	9	1096	1102

🔌 Startup Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Standard Home	uiStartup	1457	1241	1955	112	1499	1669
	load	1226	1039	1631	97	1264	1390
	domContentLoaded	1220	1033	1619	95	1260	1378
	domInteractive	29	17	114	19	26	75
	firstPaint	170	72	496	84	226	322
	backgroundConnect	225	205	411	23	228	255
	firstReactRender	19	14	41	5	20	31
	initialActions	1	0	8	1	1	4
	loadScripts	1012	831	1419	95	1046	1174
	setupStore	13	6	40	6	15	22
	numNetworkReqs	31	22	102	20	25	84
Power User Home	uiStartup	1730	1409	2676	189	1769	2086
	load	1163	1030	1754	158	1164	1610
	domContentLoaded	1149	1020	1747	157	1154	1595
	domInteractive	38	18	178	28	36	106
	firstPaint	177	78	453	86	240	323
	backgroundConnect	305	255	500	34	317	375
	firstReactRender	23	15	55	8	24	42
	initialActions	1	0	4	1	1	2
	loadScripts	929	807	1510	150	907	1342
	setupStore	17	6	55	8	18	32
	numNetworkReqs	59	36	162	29	54	143

🧭 User Journey Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Onboarding Import Wallet	importWalletToSocialScreen	220	219	220	0	220	220
	srpButtonToSrpForm	99	93	107	5	102	107
	confirmSrpToPwForm	23	23	24	0	23	24
	pwFormToMetricsScreen	16	15	16	0	16	16
	metricsToWalletReadyScreen	16	16	17	1	17	17
	doneButtonToHomeScreen	607	602	610	3	608	610
	openAccountMenuToAccountListLoaded	2931	2913	2945	13	2944	2945
	total	3918	3882	3955	25	3933	3955
Onboarding New Wallet	createWalletToSocialScreen	222	221	224	1	223	224
	srpButtonToPwForm	119	108	128	7	124	128
	createPwToRecoveryScreen	10	9	13	2	12	13
	skipBackupToMetricsScreen	40	40	41	1	41	41
	agreeButtonToOnboardingSuccess	19	18	21	1	20	21
	doneButtonToAssetList	612	493	777	103	680	777
	total	1024	886	1211	114	1087	1211
Asset Details	assetClickToPriceChart	136	125	152	9	140	152
	total	136	125	152	9	140	152
Solana Asset Details	assetClickToPriceChart	108	92	120	9	114	120
	total	108	92	120	9	114	120
Import Srp Home	loginToHomeScreen	2079	1875	2326	160	2140	2326
	openAccountMenuAfterLogin	39	35	45	4	42	45
	homeAfterImportWithNewWallet	2678	2459	2947	173	2781	2947
	total	4800	4633	4958	136	4909	4958
Send Transactions	openSendPageFromHome	24	19	30	4	26	30
	selectTokenToSendFormLoaded	24	18	30	4	27	30
	reviewTransactionToConfirmationPage	851	848	858	4	849	858
	total	898	886	915	11	896	915
Swap	openSwapPageFromHome	41	36	45	3	41	45
	fetchAndDisplaySwapQuotes	2696	2695	2698	1	2698	2698
	total	2735	2731	2739	3	2739	2739

🌐 Dapp Page Load Benchmarks

Current Commit: 7ac3033 | Date: 3/5/2026

📄 Localhost MetaMask Test Dapp

Samples: 100

Summary

• pageLoadTime-> current mean value: 1.06s (±99ms) 🟡 | historical mean value: 1.05s ⬆️ (historical data)
• domContentLoaded-> current mean value: 751ms (±124ms) 🟢 | historical mean value: 740ms ⬆️ (historical data)
• firstContentfulPaint-> current mean value: 92ms (±106ms) 🟢 | historical mean value: 82ms ⬆️ (historical data)

📈 Detailed Results

Metric	Mean	Std Dev	Min	Max	P95	P99
pageLoadTime	1.06s	99ms	1.03s	2.01s	1.10s	2.01s
domContentLoaded	751ms	124ms	721ms	1.96s	767ms	1.96s
firstPaint	92ms	106ms	64ms	1.14s	88ms	1.14s
firstContentfulPaint	92ms	106ms	64ms	1.14s	88ms	1.14s
largestContentfulPaint	0ms	0ms	0ms	0ms	0ms	0ms

Bundle size diffs

• background: 363 Bytes (0.01%)
• ui: 5 Bytes (0%)
• common: 260 Bytes (0%)

[wzrdk3lly]

PR looks good to me. Due to EIP-7715 not requiring the traditional connect wallet flow, I agree dapp scanning should be performed for EIP-7715 request.

[AugmentedMode]

The scan triggering is correct and will populate the urlScanCache. However, the warning won't actually display on the first screen the user sees -- the snap dialog renders through TemplateAlertContextProvider which doesn't include useOriginTrustSignalAlerts. The warning only surfaces on the second step (the eth_signTypedData_v4 delegation signing screen), which uses the redesigned confirm flow that does wire in origin trust signal alerts. Just flagging the gap so it's a conscious decision.

Can you confirm this is what you are expecting ? This PR will fill the cache. But in order to fire an alert this hook must be called useOriginTrustSignalAlerts

[jeffsmale90]

@AugmentedMode thanks for the detailed feedback!

Yes that's exactly what we are after here. MetaMask/snap-7715-permissions#275 fetches directly from the service and surfaces the alert in the snap dialog.