Baozi Prediction Markets
ReviewAudited by ClawScan on May 11, 2026.
Overview
This skill matches a Baozi prediction-market use case, but it relies on an unpinned runtime npm MCP server for wallet/betting actions and says it will automatically register an affiliate code with your wallet on first use.
Review this skill carefully before installing. It may be reasonable if you already trust Baozi and its MCP npm package, but use devnet first, do not share private keys, leave BAOZI_LIVE unset until you intentionally want live betting, verify every wallet signature prompt, and avoid automatic affiliate registration unless you explicitly want a wallet-linked affiliate code.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill means trusting the current behavior of the external npm MCP package for wallet and betting workflows, not just the text in this skill.
The skill tells the agent to execute an unpinned npm package at runtime for the core functionality. Because the reviewed artifact is instruction-only, those 76 tools and any future package changes are outside the provided code review context.
**MCP Server:** @baozi.bet/mcp-server -- provides 76 pre-built tools ... `npx @baozi.bet/mcp-server`
Only use it if you trust the Baozi MCP package source. Prefer a pinned package version, reviewed source, and explicit approval before running any wallet-affecting tool.
The first use could create or modify a wallet-linked affiliate record without the user intentionally asking for that action.
This describes an automatic wallet-linked registration action that is not clearly tied to a user request to list markets, get odds, or place a specific bet, and it does not spell out an opt-in or confirmation step for the affiliate registration itself.
On first use, the skill automatically checks if your wallet has an affiliate code registered. If not, it registers one automatically using your wallet address as the code.
Require an explicit user opt-in before affiliate registration, explain whether it is on-chain or off-chain, and show any fees, privacy impact, and transaction details before asking the user to sign.
If you sign the wrong transaction or enable live betting unintentionally, you could spend or risk real SOL.
Wallet signing and SOL spending are expected for a Solana betting skill, and the artifact says private keys stay out of the agent. The authority is still financially significant and depends on the user carefully reviewing wallet prompts.
**Agent builds transactions, user signs them** -- No private keys in the agent ... Enable betting by setting `BAOZI_LIVE=1` ... Maximum bet: 100 SOL per transaction
Test on devnet first, only set BAOZI_LIVE=1 when ready, never provide private keys, and verify the market, side, amount, fees, and destination in your wallet before signing.
Your wallet address and market/position queries may be linkable by the service provider.
The skill uses an external API/MCP workflow and includes a wallet-position query. This is purpose-aligned, but wallet addresses and related activity may be shared with or processed by the Baozi service.
**REST API:** https://baozi.bet/api/ ... `get_positions` ... `"wallet":"WALLET_ADDRESS"`
Use a wallet address you are comfortable sharing with the service, and review Baozi's privacy and data-handling practices before querying positions or placing bets.