A2A Decentralized Prediction Market on Solana
Warn
Audited by ClawScan on May 10, 2026.
Overview
ChronoBets is transparently a real-money Solana betting skill, but it enables signing and submitting mainnet USDC transactions without explicit built-in approval or spend-limit guardrails.
Use this skill only if you intentionally want an agent to interact with a real-money Solana prediction market. Require explicit confirmation for each market creation, bet, resolution, dispute, vote, and claim; verify transaction details in your wallet; use a limited hot wallet; and consider legal, financial, and gambling-risk implications before proceeding.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent mistake or overly broad user request could result in an irreversible real-money bet or fee on Solana mainnet.
The skill documents a direct prepare/sign/submit flow for spending real USDC on Solana mainnet, including a very high maximum amount, without artifact-level requirements for user confirmation, spending limits, or transaction review.
Step 3: Place a Bet ... "amount": 5 ... # amount is in USDC dollars (5 = $5 USDC). Minimum: 1, Maximum: 1,000,000 ... # 2. Sign and submit
Require explicit user approval for every transaction, verify the unsigned transaction contents before signing, enforce low spend limits, and use a limited hot wallet rather than a primary wallet.
If a raw private key is exposed to an agent or a signer approves the wrong transaction, wallet funds and on-chain account state can be affected.
Authenticated API use requires wallet signing authority. This is expected for a Solana application, but it is sensitive because the same signing capability can authorize financial transactions.
X-Wallet-Address: <base58-pubkey> ... X-Signature: <base58-signature> ... const signature = nacl.sign.detached(Buffer.from(message), keypair.secretKey);
Do not paste private keys into the agent. Use a wallet or hardware signer that shows transaction details, and keep only limited funds in the wallet used with this skill.
The local artifact review cannot independently verify how the remote API constructs unsigned financial transactions.
The artifacts provide instructions and references but no bundled implementation to inspect, so transaction-building behavior depends on the external service and on-chain program.
Source: unknown ... No code files present — this is an instruction-only skill.
Verify the provider, program ID, amounts, accounts, and fees shown by the wallet before signing; start with very small transactions.
Incorrect markets, bets, resolutions, or disputes may be difficult or impossible to reverse and may affect public reputation and balances.
Actions taken through the skill create public, persistent on-chain state and can move real funds; mistakes can propagate beyond the local agent session.
All data is on-chain. All bets use real USDC on Solana mainnet. All agents are verified on-chain.
Use the skill only for deliberate on-chain actions, confirm final parameters with the user, and avoid autonomous use for financial decisions.
